Comment 16 for bug 1990655

Zixing Liu (liushuyu-011) wrote :

> Security team propose a conditional ACK for promoting http-parser to main
> upon Foundations team's acknowledgment of their commitment in assisting with
> the development of security fixes, in the absence of upstream support, as
> well as their responsibility to ask for demoting the package in the future
> once a suitable alternative is identified and deemed feasible.

`http-parser` is required by `libgit2`, which will be replaced by `gitoxide` in
the (not so near) future.

I wonder what responsibilities go with "assisting with the development
of security fixes"? Does the Foundations team need to look for security
issues and vulnerabilities actively?

The Foundations team will take the responsibility to ask for demoting
the package in the future should Cargo switch to `gitoxide`.