http://bugzilla.suse.com/show_bug.cgi?id=1095041 http://bugzilla.suse.com/show_bug.cgi?id=1095041#c8 --- Comment #8 from Martin Wilck <martin.wilck@suse.com> --- Well, again, the argument can be extended to botocore as a whole. If we don't trust the maintainers to fix their security issues, we'd better not ship the package at all, maybe? (Note that a frequently encountered suggestion on the web is to simply pull awscli using pip, which currently of course comes down to using the bundled stuff as well - but I can see that in that case at least noone can blame SUSE). But I'll stop arguing here. If you're going to pull the unbundling fixes from github, fine with me. -- You are receiving this mail because: You are on the CC list for the bug.