On Sun, Apr 25, 2021 at 11:33:32AM +0200, Tobias Frost <t...@debian.org> wrote:
> Additionally, even if there was a new upstream version in 2016, it was never
> packaged for Debian. This leads me to believe that the package is no longer
> maintained in Debian.
> 
> Due to the fact that scrollz has an open security issue, is not maintained
> upstream and in Debian, has a very low popcon value, and ircii is available,
> I think it is probably best to remove the package from Debian at this point.
> 
> If there is no answer to this bug within 3 months, I will reassign this bug to
> ftp.debian.org for the actual removal.
> 
> If you disagree, just close the bug, but it would be great if the package
> could be fixed back into a releasable state.

Unfortunately, though I'm still listed as the maintainer, I haven't had
a key in the keyring since 1024-bit GPG keys were removed and am not in
a position to actively upload.

I do see that there's a recent PR upstream to fix this CVE:
https://github.com/ScrollZ/ScrollZ/pull/26

I pinged the upstream author last week on IRC and didn't get a response,
so I don't know what the chances are that it will be merged. He may pay
more attention to GitHub email these days, though.

I haven't looked at the state of debhelper and the rest of the packaging
toolchain since my last upload. I could take a look at the latest version
and this patch and see about updating the existing source package with
those, but I don't know how much time I'll have to put into updating
anything that's changed, and I would still need help uploading.

-- 
Mike Markley <m...@markley.org>
