Hi, Fixing the flaw is not a good idea. A debian-developed new encrypted file format just to salvage this package? Not a good idea.
Alternatives: 1) Remove it 2) Document the flaw directly in the package description, recommend a better solution (gpg) directly in the package description. Alternative (2) would allow users (if any) to decrypt/migrate their data. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
