On Tue, Aug 02, 2016 at 04:05:45AM +0200, Guillem Jover wrote: > Source: openssl-blacklist > Source-Version: 0.5-3 > Severity: important > User: debian-d...@lists.debian.org > Usertags: dpkg-obsolete-deb-data-tar-compressor > > Hi! > > This source package builds one or more binary packages using the > deprecated compressor bzip2. The default has been xz for a while now > which should usually compress better than bzip2. If instead you'd like > speed then switch to use gzip. > > Using a deprecated compressor when building binary packages will > become an error in the near future. Please update the packages. > > See also <https://lists.debian.org/debian-devel/2016/07/msg00113.html>.
Instead of fixing this, should we just remove the package? It's been almost a decade since CVE-2008-0166 happened, I don't think it serves any purpose any longer. Cheers, Moritz