On Wed, Feb 17, 2021 at 08:31:22AM +0100, Hugo Lefeuvre wrote: > Do you know if xcftools is only used as a build dependency, or is > it used by some end users directly? The popcon is not that low > and my fear is that, even after removing it from Debian, users > would continue to use it, installing from somewhere else, > effectively being at even higher risk than with the Debian > archive's (semi-) patched version.
The risk seems quite low; xcftools can't handle the XCF files generated by the Gimp version in Buster: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930525 Cheers, Moritz
