Am Sun, Feb 19, 2023 at 12:02:15PM +0100 schrieb Andreas Enge: > Then we have: > Building the following 6 packages would ensure 9 dependent packages are > rebuilt: python-miio@0.5.11 ledger-agent@0.9.0 electrum@4.3.2 eolie@0.9.101 > jrnl@1.9.7 poezio@0.13.2
Concerning poezio, it depends on python-potr (and is its only dependent), which in turn depends on python-pycrypto. Concerning python-potr, I am a bit at a loss. There is https://github.com/python-otr/pure-python-otr with their latest release 1.0.2 in 2018 and a big bold comment "This software is experimental and potentially insecure. Do not rely on it". Pypi has this: https://pypi.org/project/python-otr/ which I suppose is a different project. Would it make sense to remove python-potr and poezio? I am not confident with crypto libraries that call themselves insecure... Andreas
