Well, again, the argument can be extended to botocore as a whole. If we don't trust the maintainers to fix their security issues, we'd better not ship the package at all, maybe? (Note that a frequently encountered suggestion on the web is to simply pull awscli using pip, which currently of course comes down to using the bundled stuff as well - but I can see that in that case at least no one can blame SUSE.) But I'll stop arguing here. If you're going to pull the unbundling fixes from github, fine with me.