Package: dovecot-core Version: 1:2.3.21+dfsg1-3+b1 Severity: wishlist
Dear Maintainer(s), in light of the recent xz security breach, I'd like to ask if it would be possible to rework systemd readiness notification and socket activation patches to not link against libsystemd as just achieved for the openssh-server package in version 1:9.7p1-4 ? This would avoid /usr/bin/dovecot being linked also to three compression libraries (liblz4, liblzma, libzstd) and to libgpg-error. Regards, Jörg.
