Your message dated Thu, 11 Sep 2025 19:59:23 +0200
with message-id <[email protected]>
and subject line Abandoned upstream and unmaintained
has caused the Debian Bug report #1068975,
regarding Abandoned upstream and unmaintained
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1068975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068975
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-zxcvbn
Version: 4.4.28-3
Severity: serious
Control: affects -1 pass-extension-audit pwdsphinx secrets
It was reported that the maintainer of this package seems to be MIA (and there
were no maintainer uploads since 2019). At the same time, the package upstream
seems to be dead: https://github.com/dwolfhub/zxcvbn-python/issues/73 (and
there were no commits since 2021 and no releases since 2019). As the upstream
bug correctly notes, this is a security-sensitive package, so it's worrying
that people can be relying on it while it's abandoned. Scott Kitterman even
suggested removing it from Debian but is has revdeps:
pass-extension-audit/src:pass-audit
The only upload to Debian in 2022, last upstream release 2022, zxcvbn is a hard
req per setup.cfg. Popcon 20. No revdeps.
pwdsphinx
All Debian uploads in 2023, last upstream release in 2023. zxcvbn (actually
zxcvbn-python, which is an older version of zxcvbn per
https://pypi.org/project/zxcvbn-python) is a hard req per setup.py. Popcon 2.
No revdeps outside the source package.
secrets
Fairly active both in Debian and upstream. A GNOME app. zxcvbn is a hard req
per meson.build. Popcon 224. No revdeps outside the source package.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500,
'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.7.9-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Please note that on package reintroductions you need to resolve the
issues that made them leave the archive.
--- End Message ---
