On Mon, May 06, 2019 at 12:00:22PM -0400, Sam Hartman wrote:
>
> Package: ftp.debian.org
> Severity: normal
>
> Hi. As discussed in
> https://cointelegraph.com/news/phishing-attack-on-electrum-wallet-nets-hacker-almost-1-million-in-hours-report
> the version of electrum in sid is vulnerable to malware and has been
> disabled by the electrum servers. So basically the version in sid is
> only useful for getting your bitcoin phished. At least until this
> version is updated it should be removed. See #921688 for details.

We have poor means for people to detect that a package has been removed
from the archive (and needs local removal); an alternative might be to
NMU in sid so that it sys.exit()s with a message stating that running
Electrum is dangerous and has been enabled and only proceed with the
removal in a few weeks?

Cheers,
Moritz