Hi, due to bug #736066, encfs was removed from jessie.
I'd think it would be better to allow encfs into jessie for the following reasons: The bug report is about security issues, but these are not security issues of the software (as in: you can somehow hack into the computer wich is running the software), but of the encryption algorithms used. So it can be compared to a package implementing md5: Yes, it's known that md5 is not secure any more, but that's not a reason to remove all packages implementing md5 from debian. One could argue that encfs shouldn't be used any longer to encrypt files, and therefore encfs is just not useful and can be removed. But many users will have legacy installations using encfs encrypted file systems, and will be surprised that they can't access them any more from jessie. So removing encfs will cause major inconveniences to some of our users. Therefore, I propose that encfs should be allowed into jessie. (What would be the right way to do that? Lower the severtiy of the bug? Add a jessie-ignore tag?) To notify users about the potential security issue, a NEWS file could be added, or one could add a warning to the output of the encfs command. Regards, Jan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
