This report details some issues in tmate-ssh-server, which I don't believe we have packaged: https://www.openwall.com/lists/oss-security/2021/12/06/2 Apparently it and tmate itself were born as forks of tmux, and the above report contains this concerning statement: "Both forks originate from the year 2016 and no sync seems to have happened since then. The upstream author states that he doesn't backport fixes any more due to lack of time." As such, I'm not sure if tmate is vulnerable to CVE-2018-19387 (Bug 24054) or CVE-2020-27347 (Bug 27569) but if it isn't syncing fixes from tmux, it could leave it vulnerable to other issues in the future. Nothing requires this package so we can drop it.
Priority: Normal => release_blockerTarget Milestone: --- => Mageia 9
Humm it's very useful. It's still maintained in other distros. I think we can just follow other distros on that front.
Just because it's packaged in distros doesn't mean anything if the software itself isn't being maintained.
Blocks: (none) => 30163
Do this need to be a release blocker?
CC: (none) => fri
Yes, packages can't be dropped after release.
For packages like this where it is not on the iso image, it's a blocker for the final, not a blocker for the rc.
CC: (none) => davidwhodgins
Fixed closing
CC: (none) => mageiaResolution: (none) => FIXEDStatus: NEW => RESOLVED