On Mon, 5 Jun 2017 13:42:50 -0400
Michael Orlitzky <mjo@gentoo.org> wrote:

> Hans was
> attempting to fix it, but now that upstream is dead, it will remain
> insecure forever.

IME, as long as that's clear from the pmask, and its clear what those
security vectors are, as long as an end user makes sure those vectors
can't happen, having an insecure-in-theory-but-not-in-practice
phantomjs is better than having no phantomjs.