>From dla-needed.txt: libnet-ping-external-perl NOTE: The solution for jessie is to remove the package from the archieve. NOTE: The same should be done in wheezy too. So the action for this NOTE: package is to contact the FTP masters in order to handle this.
Reading https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881097 (including the subset that was CCed here) there seems to be some debate if removing it from wheezy is the appropriate thing to do. There is a patch and at quick glance the patch appears to be reasonable standard and updates tests too. None of the hunks from the patch apply to old the version in Debian (same version all distributions). Even though we could patch this, the fact that a 10 year old vulnerability is only now receiving attention does not showcase this package in a positive manner. The project is dead upstream, and Debian hasn't updated to the latest version in sid. In fact it is getting removed from sid. There might be more vulnerabilities. Does anyone have any objections to me removing this? Or should I persue to patch option? -- Brian May <b...@debian.org>
