Dear Debian security-tracker list members, When dealing with the new version of package qstardict , I encountered some embedded code about libqxt. According to , such situation need to be documented in the embedded-code-copies file.
Here's the reason: libqxt upstream is dead since ~2013  and the maintainer of libqxt in Debian is working to remove it from Debian Archive.  This made it impossible for qstardict to use libqxt as external dependency. As libqxt upstream suggested , qstardict selected a small part of code and embedded them for some features they provide.  I have already reported the problem upstream . However, I realized later that complete removal of libqxt seems hard for upstream because that part of code still provide important features that cannot be replaced at the moment. Accidentally, I found another package under my maintenance is also using embedded libqxt (package copyq) . Then I found that there are much more embedded code snippets from libqxt spread around Debian Archive . This surely should be documented. With current situation, I suggest we embed libqxt code into qstardict for now and add the following placeholder entry in embedded-code-copies document: libqxt (no longer developed since 2013) - qstardict <unfixable> (embed) - copyq <unfixable> (embed) NOTE: embed small parts of source files ...and add all other packages that is using embedded libqxt later. Thank you very much and please keep me in CC list. -- Regards, Boyuan Yang  https://bugs.debian.org/888807  https://tracker.debian.org/pkg/qstardict  https://wiki.debian.org/EmbeddedCodeCopies  https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/embedded-code-copies  https://bitbucket.org/libqxt/libqxt/wiki/Home  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875027#10  https://github.com/a-rodin/qstardict/tree/master/qxt  https://github.com/a-rodin/qstardict/issues/16  https://sources.debian.org/src/copyq/3.1.2-1/qxt/  https://codesearch.debian.net/search?q=libqxt