daniel:// stenberg://"Unfortunately in the bank where i work it is not easy to change the version, it requires lots of resources to retest." says reporter who uses a ten years old #curl version with a suspected bug... The problem is not open source.
Thomas Depierre@bagder its ok, we just need mandatory cool down so that we
1. Get slower response and testing of new releases
2. Motivate people even less to upgrade.
We know it is the right thing to do, because Security Experts told us. The same that keep demanding "Secure Coding Guidelines" training which have not worked for the past few decades.