Sorry, I don't buy this. If you take this seriously, you need to do a security audit and verification of the whole botocore package, not only the bundled sub-packages (after all, the bundled sub-packages are only for the use of botocore and aws, nothing else). I'm not aware that such auditing is part of package maintenance on openSUSE. We normally rely on the upstream authors to do the auditing, verification, and testing, don't we? And if we do, we should rather ship what upstream has verified.