On Mon, Feb 24, 2014 at 04:55:50PM +0100, Ulrik wrote: > Hi, > > Fixing the flaw is not a good idea. A debian-developed new encrypted > file format just to salvage this package? Not a good idea. > > Alternatives: > > 1) Remove it > 2) Document the flaw directly in the package description, recommend > a better solution (gpg) directly in the package description. > > Alternative (2) would allow users (if any) to decrypt/migrate their data.
Hi, If something Debian-only is to be done with this package to keep it available, it could be disabling encryption, together with a descriptive error message. This would be a minimal intervention and have the advantages of (1) and (2). This should be documented in the package description and would allow users to decrypt already encrypted data (you never know where that may appear), but not to encrypt. What maintainer thinks about this? Note that this package has been proposed for removal (See cc'ed http://bugs.debian.org/740748), so if any action is intended to keep this package in the archive it should happen soon. Regards, -- Agustin -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org