>>>>> "Moritz" == Moritz Mühlenhoff <j...@inutil.org> writes:
Moritz> On Mon, May 06, 2019 at 12:00:22PM -0400, Sam Hartman wrote: >> >> Package: ftp.debian.org Severity: normal >> >> Hi. As discussed in >> https://cointelegraph.com/news/phishing-attack-on-electrum-wallet-nets-hacker-almost-1-million-in-hours-report >> the version of electrum in sid is vulnerable to mallware and has >> been disabled by the electrum servers. So basically the version >> in sid is only useful for getting your bitcoin phished. At least >> until this version is updated it should be removed. See #921688 >> for details. Moritz> We have poor means for people to detect that a package has Moritz> been removed from the archive (and needs local removal); an Moritz> alternative might be to NMU in sid so that it sys.exit()s Moritz> with a message stating that running Electrum is dangerous Moritz> and has been enabled and only proceed with the removal in a Moritz> few weeks? At that point we could simply leave it until the new version comes along. If people want this solution I can make the NMU. --Sam