Hey, I was wondering if there's anything that could be done about the botan package we still ship in Fedora (not to be confused with botan2). As already mentioned by Jack in [0] it's been EOLed for over five years and it no longer meets today's security requirements. It looks like the only consumer of botan seems to be monotone, which indeed still requires botan 1.x, but there's a couple of patches (not only) from the NixOS folks [1] that adapt it to use the supported botan 2.x version (packaged as botan2 in Fedora). It would be great if we could make use of this in Fedora as well and eventually retire the botan package altogether. Thanks! Cheers, Frantisek [0] https://bugzilla.redhat.com/show_bug.cgi?id=2280094 [1] https://lists.nongnu.org/archive/html/monotone-devel/2024-02/msg00002.html -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue