Package: ipsec-tools Version: 1:0.8.2+20140711-12 Severity: grave [On behalf of the ipsec-tools maintainers, I'm opening this against ipsec-tools for visibility and discussion.]
The package is effectively orphaned upstream and has been for some time. Given the security-sensitive nature of the package, an active maintainer community is essential for safe usage. Racoon's lack of support for IKEv2, despite it being stable for a long time, and the availability of next-generation tunneling systems such as wireguard, also would seem to limit its future value. Setkey's functionality has been subsumed by 'ip xfrm'. If you disagree that ipsec-tools should be removed from future Debian releases, please say so now. If there are still use cases for it that are not met by other IKE implmenentations that would be good to know. But more importantly, I think you'll need to convince us that ipsec-tools is actually safe to operate on today's Internet given its current state of development.
