Hi Moritz, Jonas and Anthony On Sun, Feb 10, 2019 at 02:47:49PM +0100, Moritz Muehlenhoff wrote: > Source: libsass > Severity: serious > > None of the security bugs filed in the BTS has seen any maintainer followup > (dating back to 2017 in some cases), and that's just the tip of the iceberg, > the security tracker lists many more. > > Unless someone steps forward and commits to properly maintain it during the > lifetime of a stable release, let's not include it in buster.
Removing it from buster and try to get it in shape for bullseye seems though a bit hard at this point in time probably, jftr, what would mean if src:libsass needs to be removed (from testing): > $ LC_ALL=C.UTF-8 dak rm --suite=testing -n -R libsass > Will remove the following packages from testing: > > libsass | 3.5.5-2 | source > libsass-dev | 3.5.5-2 | amd64, arm64, armel, armhf, i386, mips, mips64el, > mipsel, ppc64el, s390x > libsass1 | 3.5.5-2 | amd64, arm64, armel, armhf, i386, mips, mips64el, > mipsel, ppc64el, s390x > > Maintainer: Debian Sass team <pkg-sass-de...@lists.alioth.debian.org> > > ------------------- Reason ------------------- > > ---------------------------------------------- > > Checking reverse dependencies... > # Broken Depends: > astroidmail: astroid > golang-github-wellington-go-libsass: golang-github-wellington-go-libsass-dev > hugo: hugo > libsass-python: python-libsass > python3-libsass > pike8.0: pike8.0-web-sass > sassc: sassc > sassphp: php-sass > > # Broken Build-Depends: > astroidmail: libsass-dev > golang-github-wellington-go-libsass: libsass-dev (>= 3.5.5~) > hugo: libsass-dev (>= 3.5.4) > libsass-python: libsass-dev (>= 3.5.4) > pike8.0: libsass-dev > sassc: libsass-dev (>= 3.5.0) > sassphp: libsass-dev > > Dependency problem found. Regards, Salvatore
