On Wed, 05 Nov 2025 14:24:20 +0530 Barak A. Pearlmutter <[email protected]> wrote:
> The "right" solution is for the openconnect project to make a more
> up-to-date official release.
>
> [...]
>
> Taking a bird's-eye view, it's clear that the openconnect project is
> under very active development, has many unresolved issues on the
> gitlab clone of their development repo, and for some reason has not
> seen fit to make an official release yet. Maybe they have a reason for
> that? They seem to know what they're doing.
>
> Perhaps raise this as an issue on https://gitlab.com/openconnect/openconnect/
> ?
>

As said earlier, the upstream has not bothered to reply to any request for a release and has also not discouraged multiple recommendations to use packages compiled by their open-build service. It has been ≈1y since the fix landed. Almost everyone is either custom compiling packages or downloading DEB files from non-official sources, which is a LOT bigger security risk.

And again, as I said earlier, IMO if there is an unfixed undisclosed security issue present in the codebase for such a long time, and it is still not fixed while the suggestions to compile own packages and use them have not been discouraged, then that's a problem with upstream process.

There is no reason for this broken package to exist. If this is not gonna get updated, please remove this package.

This package, despite being unfit for release, landed in stable even after my serious label. The maintainer for this package has abandoned the project since he has never bothered to reply.

Thanks,
Siddh

