> I don't think that getpwnam_shadow is a big concern. Fixes can be > applied to -stable with relatively minor churn, if needed.
They are being discovered slower than I expected. Maybe there are only a handful left. > I don't think that 6.0 can ship with wxneeded enforced. There's just > too much to do, and afaik no one is trying to fix the few big ports that > would need it. I don't think we are tightening the enforcement. As a result, 6.0 is probably going out the door with "noisy reporting", and we'll collect information from the community. Is that a good strategy? Or should we silence it.
