Bug#1014092: ITP: alass -- automatic language-agnostic subtitle synchronization

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: alass
  Version : 2.0.0
  Upstream Author : kaegi 
* URL : https://github.com/kaegi/alass
* License : GPL-3+
  Programming Lang: Rust
  Description : automatic language-agnostic subtitle synchronization

 alass is a command line tool
 to synchronize subtitles to movies.
 .
 It can automatically correct
  * constant offsets
  * splits due to advertisement breaks, directors cut, ...
  * different framerates
 .
 The alignment process is not only fast and accurate,
 but also language-agnostic.
 This means you can align subtitles to movies in different languages.

This package will be maintained in the Debian section of Salsa, here:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmK9SX8ACgkQLHwxRsGg
ASFAPQ/8DjZhyzHvKglX8UeockjE3OQSnzlYtfv8NIE4OGKRWttN+x931318wPDS
12cZWINm94sEqgVxUvWZwMsw7oaKU0CSTLkBEgkL6zEf/+8bwR1lp+Se02DyNO/x
oxahGDnOV9sWUwvHfan5JFZcIQak/KTinUY5D9RV/icYbRKNNhiiLcCXq4H3dI4q
dTyrI4UFMQ2WKtxVcKZ6TptecfbMUHFOvJlk4qlMdo/cJ63873XlCfZjg/M4BaDV
FIR4Krvw6GamjlvUK8HBuqGDPoB6QkADt29jktZxlwpZjup2GzZ2CSGSgYz7maet
vilIiKrxrmfraIskTS7V8YmUKHvzYBUXHbblDFujLj7OqSyH2s6SfGavW1qifgSH
jDDO1ExblefJEjxfbRW7tJF+vB8uHCPlIPA0f21Zw/AE+1WHpZIeZuMvjEQxeh/g
hQD0mtREXd0RC6aGTnNJ/KpOs9YmPBThzEaIKbOMlMFshQVnObvHXhtwPhwZjlX1
L7SDliGCj5BxpRSm20Eryie9DeoK13YowAmON7yfhrbhX14PVQ5ibCvQ6EQ/ibSK
OwQYWJNsh/Q/3bKglJ60ywTLaYNvmvRgPtEv9lEqz5KWrifoswYWqNLym2i2WFSF
3qoWivZwL4L462hWl8e/UJLqoBlND5QWhQmfdm/6+8jCaULGXMY=
=i/oR
-END PGP SIGNATURE-

Bug#1014093: ITP: vobsubocr -- subtitle converter from DVD VOB to SRT

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: vobsubocr
  Version : 0.0~git20211108
  Upstream Author : Eliza Velasquez
* URL : https://github.com/elizagamedev/vobsubocr
* License : GPL-3
  Programming Lang: Rust
  Description : subtitle converter from DVD VOB to SRT

 vobsubocr is a blazingly fast and accurate
 DVD VobSub to SRT subtitle conversion tool.
 .
 DVD subtitles are unfortunately encoded
 essentially as a series of images.
 This presents problems
 when needing a text representation of the subtitle,
 e.g. for language learning.
 vobsubocr can alleviate this problem
 by generating SRT subtitles from an input VobSub file,
 leveraging the optical character recognition engine Tesseract.

This package will be maintained in the Debian section Salsa, here:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmK9TJoACgkQLHwxRsGg
ASGTjw/+L5wpOmkpEZw9rtdmM+i6BuOJAFCv08OnQZd0WZkmP6++NjxHx+DZ7YGH
6VLGM1DXzOTrNV88uMREDZZa5JLSD01mlNPgx13UmpwwFLwwAKOnClfwa6inrEKt
V8A0XA/rdjSBR97Bu/wceisjtvr8HJKsCwPEASPck6sBxzGmoVo+5SRsegWns3jy
KLmfYKDM9ShSx94ov61FaL/dxI1VrpH3oEBsN3NOQ2R03NHzAq42tZFY2NzhT0eS
Gg4YowGejNWpJTJ0ZLz73F3nzqwVYLR7RE6R7ZU2kp8IC0XsED364jsi2EjmK8wk
bq8pURDsw2zXvEGDWjRNlc7GsP7NRSHlMK+19MTQ5iT6qiC/yNHjnBUacTTB04rb
lM/aVz+i37gjcBWTLQ8JyS8et0P2gevNGAAQi96J97ww0wViFCdDSywumpU0uZ5R
PvnsKhykhZ1J+0xk5YXDkFAJT91ZHFIlYhPtr6fZsn/mvni6OOnMM5rXNQghWD+I
bNDqj0xBOTWb0tXbqanaTPuwe8KgvfH7OU4w04VT0UX1zkLKST0myrvRX8zuuGYv
JVuXwxc7f0qZrpRrfmN3lnxlXnHeHHVHKKBEp+JGEJ/FcOAiUKLUNXk53+t0nZcH
JPhiFnVbzghLYT0uMCfdoqo0GXjC3y0OB71T4wyEYS/82DcIqOA=
=M3ct
-END PGP SIGNATURE-

Bug#1014029: marked as done (invisible malicious unicode in source code - detection and prevention)

[Debian Bug Tracking System]

Your message dated Thu, 30 Jun 2022 10:22:58 +0200
with message-id <20220630082257.dfe35x2cghs7a...@gpm.stappers.nl>
and subject line Too broad
has caused the Debian Bug report #1014029,
regarding invisible malicious unicode in source code - detection and prevention
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1014029: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014029
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: general
Severity: normal

Quote https://trojansource.codes

> Some Vulnerabilities are Invisible

> Rather than inserting logical bugs, adversaries can attack the encoding of 
> source code files to inject vulnerabilities.
> 

> These adversarial encodings produce no visual artifacts.

> The trick is to use Unicode control characters to reorder tokens in
source code at the encoding level.
> These visually reordered tokens can be used to display logic that,
while semantically correct, diverges from the logic presented by the
logical ordering of source code tokens.
> Compilers and interpreters adhere to the logical ordering of source
code, not the visual order.

> The attack is to use control characters embedded in comments and strings to 
> reorder source code characters in a way that changes its logic.

> Adversaries can leverage this deception to commit vulnerabilities into code 
> that will not be seen by human reviewers.

> This attack is particularly powerful within the context of software supply 
> chains.
> If an adversary successfully commits targeted vulnerabilities into open 
> source code by deceiving human reviewers, downstream software will likely 
> inherit the vulnerability.

> The defense

- > Compilers, interpreters, and build pipelines supporting Unicode
should throw errors or warnings for unterminated bidirectional control
characters in comments or string literals, and for identifiers with
mixed-script confusable characters.

- > Language specifications should formally disallow unterminated
bidirectional control characters in comments and string literals.

- > Code editors and repository frontends should make bidirectional
control characters and mixed-script confusable characters perceptible
with visual symbols or warnings.

additional ideas to protect from this:

- **check if potential existing compromises:** scan all source code for
existing unicode

- **educate existing and future source code reviewers:** add a source
code reviewer policy which existing and future reviewers need to
acknowledge that they understand the issue.

- **remove as much unicode from source code as possible**: by reducing
the amount of unicode in source code, audits for malicious unicode with
automated tools gets simpler. If possible, if unicode is considered
essential, instead of writing `®` when required it should be encoded as
`®`.

- **local check by reviewer:** document tools that source code reviewers
could/should use to scan future contributions for malicious unicode

- **lintian check:** a lintian test that notifies when unicode is
included in the source code.

- **build scripts / CI scripts:** should check if there is unicode in
any files except in opt-in expected files defines in a list. If there is
any unexpected unicode in unexpected files, the build should error out.

- **scan upstream projects source code**: check if these are compromised
by malicious unicode.

- **notify upstream projects**: these might not be aware of this issue
and already compromised by malicious unicode.

how to check example:

grep_args="--exclude=changelog.upstream --exclude-dir=.git
--binary-files=without-match --recursive --color=auto -P -n"

LC_ALL=C grep $grep_args '[^\x00-\x7F]'

LC_ALL=C grep $grep_args "[^[:ascii:]]"

A few other tools might be desirable in case grep can ever be tricked to
miss anything.
--- End Message ---
--- Begin Message ---
Hi,


This email will close this way too broad bugreport.
Having this BR closed will prevent further drain of human energy.

Those who think "but it important" do I recomment
to take smaller steps in going forward.


Regards
Geert Stappers
DD
--
Silence is hard to parse


signature.asc
Description: PGP signature
--- End Message ---

Bug#1014096: ITP: rust-common-failures -- ergonomic helpers for failure

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: rust-common-failures
  Version : 0.1.1
  Upstream Author : Eric Kidd 
* URL : 
https://github.com/emk/subtitles-rs/tree/HEAD/common_failures
* License : CC0-1.0
  Programming Lang: Rust
  Description : ergonomic helpers for failure

 common_failures provide support for:
  * User-friendly `io::Error` wrappers with pathnames,
  * Formatting errors for display to the user
(with the entire cause chain!), and
  * Handy helper utilities like `quick_main!`.
 .
 Basically, the goal is to make `failure` as ergonomic as possible,
 so that everybody can stop re-inventing
 common bits of supporting code.

This package will be maintained in the Debian section of Salsa, here:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmK9YMQACgkQLHwxRsGg
ASHRhg/+OGPuzHT/mpTutB9deM1RxVK6ezZO4jnnx4BwE/XEhNCkpIqIIRjmPKWq
7/ITs3SggT2i6bYFvwkoOhEUSEhzE8WcFxNqlaH8TPx6uHSmFf0SBkkd44MliUYZ
o0T8Hnx8yENohV9q/gT9eg7k1I2mNgWObzZxoWFoyQtW9HxMqOyv/yd6cfTNixDE
2oTdJM/v9XWuGdifu4bNjXeGWRkQpN4xEjCWKvmqjdA57ErPTzdjG5xtms2l3S+k
vO7MKErECmAQ00ZBF4CkTtG2nRUjTU6jUVfZ9gEJ5IDz1X+QxWoust5SMuWBI7cv
VKC99E0dCKa5o3AbLFi+O5ZZhyk4elWQ1lu2c+tyKCOqUOOyuV6NWNxyvok3HtYX
TMQCjcYxw78xNYgWZj0OzfM6+2WfZ7bB8bivwO6jc04b4BaOS53jXe79s91H8CO/
Qf5ZPkW/On8a29E2Rbg9lyOWzCr6jyI4TX66sNXGjWbqqQtoHpCGN1RzZ7b5trq+
MFRvnathogIAyz650qywU6p2CNftp8YrErmPrWzlbUwlXLSc82N+eR1KjXSpMI0D
Bvam2KmxQW/Zq3cqOc4N37rz2kDO8YoDQvhACm96c8p2NQJTBmmhzm75d6x1R8PY
nMj/wEGSNc4XL2QG6yMOCXRYKUE76MLCv4P7uwsvgAgZkMQALNQ=
=xLQ5
-END PGP SIGNATURE-

Bug#1014097: ITP: rust-vobsub -- decode DVD VobSub-format subtitles

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: rust-vobsub
  Version : 0.2.3
  Upstream Author : Eric Kidd 
* URL : https://github.com/emk/subtitles-rs/tree/HEAD/vobsub
* License : CC0-1.0
  Programming Lang: Rust
  Description : decode DVD VobSub-format subtitles

 vobsub is a Rust library
 for decoding VobSub-format (sub/idx) subtitles.

This package will be maintained in the Debian section of Salsa, here:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmK9Z0sACgkQLHwxRsGg
ASHPghAAoi4eF7yV+rAC9SwA+jeXFVO6LNx/eYuNMfUtIWE1QnLG2HmENdCqclUH
2k8scoJ0eFzfp6MPDRoz3ZITn4XdO32HFdfkmXjKkHktn83RnALzPJdLVt0Fx3Wz
DBBGJPZvmy7xsbFx+CeAuoBkn9RdrDG7UMaQHlxxAdhQsMcAzuUCxhNcaHmlKv0i
0VI7o+FSYek8l33pHUcW/f6rp6Db3u81fKDgFkxhNbtB0gBNRudrPCYitB2p1Lb0
UcaR6HJ9LuDUmHp6etlxsN0Cs1zrYmsivCQg6lbd3wqHkUi+X4t7DiN1404lvchG
AvnagYDeuPFmJIegU9shVS6jxn7enqcBdxg0fkbgudtcq23/zZ/xCBKiHN2UbMD+
P2wboB2exDkxywh+TYyneAFgaOlFgaSxJmyh6w3TyQZwX020c0pYLOL3/HaBo9zD
vFpdfl5jM4UTBxP0OOfoaVxKELpSY9qXqnZ6LEWWQUrgLtkgmCReqNiRQejwEH1b
yIer0WS/XE4S84NPooGgIAmrjFGZVZKlZ7IZ8mzixs7S1lfQD9M1YSlzMYejHbOx
yuYheVw5E5kxvfedfZYWYDPOm0LnuJD4IOMv4zcUQ6P23l8lGgn+Dctn/p+IREH3
I6BfL2t+dEGtgSIpAPHQ8zC2iBu1ilWHgplsYTQzhMqsmw0G3EE=
=pa/x
-END PGP SIGNATURE-

Re: Bug#1013132: ITP: BabaSSL -- BabaSSL is a base library for modern cryptography and communication security protocols.

[Marco d'Itri]

On Jun 30, Stephan Verbücheln  wrote:

> As far as I understand it, the main point of BabaSSL is to add support
> for Chinese developed ciphers and algorithms.
Is supporting Chinese cryptography standards a goal for Debian?
If it is then they should be available to all packages, but if it is not 
then I am not sure that having random (?) packages depend on an OpenSSL 
alternative would be a good strategy.

> Long time ago in my student years, I was working with a German fork of
> OpenSSL. The point was to add German elliptic curves (BSI and Deutsche
> Telekom). They were eventually merged into OpenSSL.
Do you expect that support for the Chinese algorithms will be merged in 
OpenSSL any time soon? Is there such a plan by the BabaSSL developers?

-- 
ciao,
Marco


signature.asc
Description: PGP signature

is rust-failure a heisen-package?

[Jonas Smedegaard]

Hi,

This looks odd to me: https://tracker.debian.org/pkg/rust-failure

Latest news from 7 months ago was *removal* of the package, yet it is
seemingly still around.

What am I missing here?

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Re: is rust-failure a heisen-package?

[Andrey Rahmatullin]

On Thu, Jun 30, 2022 at 02:35:45PM +0200, Jonas Smedegaard wrote:
> Hi,
> 
> This looks odd to me: https://tracker.debian.org/pkg/rust-failure
> 
> Latest news from 7 months ago was *removal* of the package, yet it is
> seemingly still around.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973298 should answer
this (e.g. #45)



-- 
WBR, wRAR


signature.asc
Description: PGP signature

Bug#1014116: ITP: node-data-uri-to-buffer -- Generate a Buffer instance from a Data URI string

[Michael Ikwuegbu]

Package: wnpp
Severity: normal
Owner: Michael Ikwuegbu 
X-Debbugs-CC: debian-devel@lists.debian.org

* Package name: node-data-uri-to-buffer
  Version : 4.0.0
  Upstream Author : Nathan Rajlich  (http://n8.io/)
* URL : https://github.com/TooTallNate/node-data-uri-to-buffer
* License : Expat
  Programming Lang: JavaScript
  Description :  Generate a Buffer instance from a Data URI string

 This module accepts a "data" URI String of data, and returns a node.js
Buffer instance with the decoded data.
.
Node.js is an event-based server-side JavaScript engine.

Re: is rust-failure a heisen-package?

[Jonas Smedegaard]

Quoting Andrey Rahmatullin (2022-06-30 14:50:05)
> On Thu, Jun 30, 2022 at 02:35:45PM +0200, Jonas Smedegaard wrote:
> > Hi,
> > 
> > This looks odd to me: https://tracker.debian.org/pkg/rust-failure
> > 
> > Latest news from 7 months ago was *removal* of the package, yet it is
> > seemingly still around.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973298 should answer
> this (e.g. #45)

Ohh, the clue was right there in the bugreport itself.

Thanks, Andrey!

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Re: Bug#1013132: ITP: BabaSSL -- BabaSSL is a base library for modern cryptography and communication security protocols.

[Sam Hartman]

> "Stephan" == Stephan Verbücheln  writes:

Stephan> As far as I understand it, the main point of BabaSSL is to
Stephan> add support for Chinese developed ciphers and algorithms.

It looked like there were two main points.
The first was in fact these ciphers.
I don't think that's a good reason for including in Debian because it
looks like OpenSSL is interested in adding these ciphers long-term, and
that appears a much better strategy for us as a ddistribution.

However there are some other features from the ITP:

-Support NTLS (formal GM dual-certificate protocol) handshake processing, 
according to GB/T 38636-2020
TLCP
-QUIC API support
-Support delegated credentials, according to draft-ietf-tls-subcerts-10

I don't recognize NTLS
and presumably since draft-ietf-tls-subcerts is a working group draft it
will be possible to get into OpenSSL eventually.

Bug#1014123: ITP: apprise -- Push notifications that work with just about every platform

[Josenilson Ferreira da Silva]

Package: wnpp
Severity: wishlist
Owner: Josenilson Ferreira da Silva 
X-Debbugs-Cc: debian-devel@lists.debian.org, nilsonfsi...@hotmail.com

* Package name: apprise
  Version : 0.9.9
  Upstream Author : Chris Caron 
* URL : https://github.com/caronc/apprise
* License : MIT/X
  Programming Lang: Python
  Description : Push notifications that work with just about every platform

 allows sending notifications to almost all popular notification services:
 Telegram, Discord, Slack, Amazon SNS, Gotify, etc.

Re: Bug#1013132: ITP: BabaSSL -- BabaSSL is a base library for modern cryptography and communication security protocols.

[Vincent Bernat]

On 6/30/22 16:16, Sam Hartman wrote:


However there are some other features from the ITP:

-Support NTLS (formal GM dual-certificate protocol) handshake processing, 
according to GB/T 38636-2020
TLCP
-QUIC API support


Is it compatible with QuicTLS, which is another fork of OpenSSL? Some 
context here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011391. 
QuicTLS has some users already: curl, haproxy, apache, nodejs, ngtcp2.

Work-needing packages report for Jul 1, 2022

[wnpp]

The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.

Total number of orphaned packages: 1272 (new: 7)
Total number of packages offered up for adoption: 176 (new: 0)
Total number of packages requested help for: 59 (new: 0)

Please refer to https://www.debian.org/devel/wnpp/ for more information.



The following packages have been orphaned:

   gimp-gap (#1013981), orphaned 2 days ago
 Description: animation package for the GIMP
 Installations reported by Popcon: 1084
 Bug Report URL: https://bugs.debian.org/1013981

   linux-ftpd-ssl (#1014047), orphaned yesterday
 Description: BSD-derived ftpd with SSL patches
 Installations reported by Popcon: 28
 Bug Report URL: https://bugs.debian.org/1014047

   netkit-telnet-ssl (#1014046), orphaned yesterday
 Description: BSD-derived netkit-telnet with SSL patches
 Reverse Depends: zssh
 Installations reported by Popcon: 672
 Bug Report URL: https://bugs.debian.org/1014046

   sigscheme (#1013900), orphaned 3 days ago
 Description: Scheme Interpreter to be embedded
 Reverse Depends: libgcroots-dev libsscm-dev libsscm3 libuim-dev
   libuim-scm0 sigscheme
 Installations reported by Popcon: 1561
 Bug Report URL: https://bugs.debian.org/1013900

   spout (#1013764), orphaned 5 days ago
 Description: Tiny abstract black and white 2D cave-shooter
 Installations reported by Popcon: 58
 Bug Report URL: https://bugs.debian.org/1013764

   t-code (#1013899), orphaned 3 days ago
 Description: Japanese direct input method environment for emacsen
 Reverse Depends: t-code uim-tcode
 Installations reported by Popcon: 7
 Bug Report URL: https://bugs.debian.org/1013899

   tuxguitar (#1013777), orphaned 5 days ago
 Description: Multitrack guitar tablature editor and player (gp3 to
   gp5)
 Reverse Depends: tuxguitar-alsa tuxguitar-fluidsynth tuxguitar-jack
   tuxguitar-jsa tuxguitar-oss
 Installations reported by Popcon: 793
 Bug Report URL: https://bugs.debian.org/1013777

1265 older packages have been omitted from this listing, see
https://www.debian.org/devel/wnpp/orphaned for a complete list.



No new packages have been given up for adoption, but a total of 176 packages
are awaiting adoption.  See https://www.debian.org/devel/wnpp/rfa_bypackage
for a complete list.



For the following packages help is requested:

   apache2 (#910917), requested 1356 days ago
 Description: Apache HTTP Server
 Reverse Depends: apache2 apache2-ssl-dev apache2-suexec-custom
   apache2-suexec-pristine backuppc bfh-container-server
   courier-webadmin cvsweb debbugs-web doc-central (134 more omitted)
 Installations reported by Popcon: 95877
 Bug Report URL: https://bugs.debian.org/910917

   apparmor (#1006872), requested 115 days ago
 Description: user-space parser utility for AppArmor
 Reverse Depends: apparmor-notify apparmor-profiles
   apparmor-profiles-extra apparmor-utils content-hub-testability
   dbus-daemon dbus-tests debian-cloud-images-packages dovecot-core
   firejail (17 more omitted)
 Installations reported by Popcon: 184014
 Bug Report URL: https://bugs.debian.org/1006872

   aufs (#963191), requested 740 days ago
 Description: driver for a union mount for Linux filesystems
 Reverse Depends: fsprotect
 Installations reported by Popcon: 8105
 Bug Report URL: https://bugs.debian.org/963191

   autopkgtest (#846328), requested 2038 days ago
 Description: automatic as-installed testing for Debian packages
 Reverse Depends: debci-worker sbuild-qemu
 Installations reported by Popcon: 1183
 Bug Report URL: https://bugs.debian.org/846328

   balsa (#642906), requested 3931 days ago
 Description: An e-mail client for GNOME
 Reverse Depends: balsa
 Installations reported by Popcon: 656
 Bug Report URL: https://bugs.debian.org/642906

   cargo (#860116), requested 1906 days ago
 Description: Rust package manager
 Reverse Depends: dh-cargo python3-setuptools-rust rust-all
 Installations reported by Popcon: 2755
 Bug Report URL: https://bugs.debian.org/860116

   courier (#978755), requested 546 days ago
 Description: Courier mail server
 Reverse Depends: courier-faxmail courier-filter-perl courier-imap
   courier-ldap courier-mlm courier-mta courier-pcp courier-pop
   courier-webadmin couriergrey (3 more omitted)
 Installations reported by Popcon: 820
 Bug Report URL: https://bugs.debian.org/978755

   cron (#984736), requested 480 days ago
 Description: new maintainer need
 Reverse Depends: apticron autolog backintime-common b