Acknowledgement sent
to Antoine Beaupre <anarcat@debian.org>:
New Bug report received and forwarded. Copy sent to Debian FTP Master <ftpmaster@ftp-master.debian.org>.
(Wed, 26 Apr 2017 20:39:04 GMT) (full text, mbox, link).
Package: ftp.debian.org
Severity: normal
I am one of the last maintainers of the kedpm package, and I am not
using it anymore. Recently, a security issue was found in the package
(#860817), and I feel there may be more - I haven't deeply audited the
source code myself. Or if I did, it was a long time ago, and I can no
longer vouch for it.
So please, remove kedpm from Debian sid. I'll take care of updating
the packages in stable/LTS but let's put this thing out of its misery.
For the record, fpm2, from which kedpm derives, was also removed from
Debian stretch. Note that kedpm is the software in Debian that can
parse "figaro" password databases.
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Fri, 28 Apr 2017 08:21:39 GMT) (full text, mbox, link).
Notification sent
to Antoine Beaupre <anarcat@debian.org>:
Bug acknowledged by developer.
(Fri, 28 Apr 2017 08:21:39 GMT) (full text, mbox, link).
Subject: Bug#861277: Removed package(s) from unstable
Date: Fri, 28 Apr 2017 08:20:14 +0000
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:
kedpm | 1.0 | source, all
kedpm-gtk | 1.0 | all
------------------- Reason -------------------
ROM; inactive upstream, unmaintained, security issues
----------------------------------------------
Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it). Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.
Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.
We try to close bugs which have been reported against this package
automatically. But please check all old bugs, if they were closed
correctly or should have been re-assigned to another package.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861277@bugs.debian.org.
The full log for this bug can be viewed at https://bugs.debian.org/861277
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Chris Lamb (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 27 May 2017 07:31:41 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.