This report details some issues in tmate-ssh-server, which I don't believe we have packaged:
Apparently it and tmate itself were born as forks of tmux, and the above report contains this concerning statement:
"Both forks originate from
the year 2016 and no sync seems to have happened since then. The upstream
author states that he doesn't backport fixes any more due to lack of time."
As such, I'm not sure if tmate is vulnerable to CVE-2018-19387 (Bug 24054) or CVE-2020-27347 (Bug 27569) but if it isn't syncing fixes from tmux, it could leave it vulnerable to other issues in the future. Nothing requires this package so we can drop it.
Humm it's very useful.
It's still maintained in other distros.
I think we can just follow other distros on that front.
Just because it's packaged in distros doesn't mean anything if the software itself isn't being maintained.