On Sun, Apr 25, 2021 at 11:33:32AM +0200, Tobias Frost wrote: > Package: scrollz > Severity: serious > > user debian-rele...@lists.debian.org > usertags -1 + bsp-2021-04-AT-Salzburg > thank you > > Dear maintainers, > > according to my research, scrollz is a fork of ircii, also in Debian. > However, > scrollz last update was 2016 while icrii is still frequently releasing new > versions. > > Additionally, even if there was a new upstream version in 2016, it was never > packaged for Debian. This lets me believe that the package is no longer > maintained in Debian. > > Due to the fact that the scrollz has an open security issue, is not maintained > upstream and Debian, having a very low popcon value and ircii being available, > I think it is probably best to remove the package from Debian at this point. > > If there is no answer to this bug within 3 months, I will reassign this bug to > ftp.debian.org for the actual removal. > > If you disagree, just close the bug, but it would be great if the package > could > be fixed into back into an releasble state. > > If you agree, please reassign the bug to ftp.debian.org.
FWIW, from security team perspective we think scrollz (and possibly ircii) should both not be included in bullseye in this form. Regards, Salvatore
