>>>>> "Moritz" == Moritz Mühlenhoff <[email protected]> writes:
Moritz> On Mon, May 06, 2019 at 12:00:22PM -0400, Sam Hartman wrote:
>>
>> Package: ftp.debian.org Severity: normal
>>
>> Hi. As discussed in
>>
https://cointelegraph.com/news/phishing-attack-on-electrum-wallet-nets-hacker-almost-1-million-in-hours-report
>> the version of electrum in sid is vulnerable to mallware and has
>> been disabled by the electrum servers. So basically the version
>> in sid is only useful for getting your bitcoin phished. At least
>> until this version is updated it should be removed. See #921688
>> for details.
Moritz> We have poor means for people to detect that a package has
Moritz> been removed from the archive (and needs local removal); an
Moritz> alternative might be to NMU in sid so that it sys.exit()s
Moritz> with a message stating that running Electrum is dangerous
Moritz> and has been enabled and only proceed with the removal in a
Moritz> few weeks?
At that point we could simply leave it until the new version comes
along.
If people want this solution I can make the NMU.
--Sam
