On Tue, Aug 02, 2016 at 04:05:45AM +0200, Guillem Jover wrote:
> Source: openssl-blacklist
> Source-Version: 0.5-3
> Severity: important
> User: debian-d...@lists.debian.org
> Usertags: dpkg-obsolete-deb-data-tar-compressor
>
> Hi!
>
> This source package builds one or more binary packages using the
> deprecated compressor bzip2. The default has been xz for a while now
> which should usually compress better than bzip2. If instead you'd like
> speed then switch to use gzip.
>
> Using a deprecated compressor when building binary packages will
> become an error in the near future. Please update the packages.
>
> See also <https://lists.debian.org/debian-devel/2016/07/msg00113.html>.
Instead of fixing this, should we just remove the package? It's been almost
a decade since CVE-2008-0166 happened, I don't think it serves any purpose
any longer.
Cheers,
Moritz
