Hi, I plan to orphan crypto++ [1] soon: I don't maintain any package that depends on it anymore, and it's becoming annoying to maintain.
For instance, there was a significant security issue on July 2019 [2], and 5 months later there is still no upstream release even though a patch is available [3]. I just patched the Arch package but it raises the question of whether we want to have such a crypto library in our repositories. Here are the packages that currently depend on crypto++: - amule - clementine - kvazaar - rbutil - ceph (makedepends) If nobody steps up to adopt it before December 20th, I will drop it to the AUR. In that case, I will send a reminder to find a solution for the above packages. Thanks, Baptiste [1] https://www.archlinux.org/packages/community/x86_64/crypto++/ [2] https://security.archlinux.org/CVE-2019-14318 [3] https://github.com/weidai11/cryptopp/issues/869
signature.asc
Description: PGP signature
