Hey Salvo.
Well, I've seen that discussion and upstream seems to be pretty hostile against distributions (and apparently security as well). :-(

On the other hand, Debian now unfortunately lacks subsurface packages (while other distros have them, or at least more well integrating repos). So people may simply use the questionable packages provided by upstream (which are for the average user only secured by worthless https), which in turn may again decrease security for people.

As you've said, libdivecomputer is probably not the problem; while it's already packaged for Debian, that version seems to be used by at least no package. And marble and libgit2: isn't libgit only used locally for storing the logs? Marble is of course an issue. It would be very sad if one could no longer see the dive sites on the globe. But better than nothing at all. Do you think it's difficult to get subsurface working with the official marble libs?

Apart from that, many even major packages in Debian seem to ship their copies of libs (e.g. I think ffmpeg uses many internal copies for which official packages exist). So it's not that uncommon; of course it's a pity, but sometimes better than nothing.

Best wishes!