Hi,
On 09/06/2026 11:32, Holger Levsen wrote:
On Mon, Jun 08, 2026 at 09:14:35PM +0000, Moritz Mühlenhoff wrote:
It's marked as bogus in the security tracker. I don't think we should
start declaring random packages which are dead upstream as unsupported,
that won't scale and is also not the right course of action. We have
100s of other packages which no longer have an active upstream and
if there's ever a genuine security issue for ply we can look into
fixes ourselves.
agreed and +1
Would it make sense to mark such packages as "limited support"?
(not merely lowly active or abandoned, but officially retired and
without compatible replacement/fork, especially with rdeps.)
They can only get a "best effort" support, notably without upstream to
sanction our fix, which isn't on par with regularly supported packages.
This also hints that something need to change to get full support again.
Cheers!
Sylvain Beucler
Debian LTS Team
