Marked as vulnerable in F-Droid

[pchampin]

I just updated F-Droid to version 1.0 and it altered me that a number of my installed packages, including OpenConnect, were vulnerable.

More precisely, it has the KnownVul and DisabledAlgorithm tags, both described here. From what I understand, it is mostly a matter or re-packaging rather than re-coding anything...

[devurandom]

OpenConnect is not anymore available in F-Droid at all.

[ildar]

@pchampin , that's right, but this issue is generally unrelated to the app itself, it's F-Droid business ). And it is massively discussed on F-Droid forum. BTW the app is currently available at F-Droid Archive. The good way to get it back is the new app release and new build, when the former is available

[blipp]

The only thread in the F-Droid forum I could find is this one https://forum.f-droid.org/t/many-old-unmaintained-apps-have-been-archived/670, saying:

[…] Anything security-sensitive on that list like […] should probably be no longer used. […] Its been archived because it hasn’t been updated in over 2 years, and the signature is no longer valid. That’s not great for a security app. […]

Here is the issue in F-Droid's data bug tracker concerning OpenConnect: https://gitlab.com/fdroid/fdroiddata/issues/941

[IzzySoft]

If you release a new version and let us know, we could update to that – and thereby making the app available in "main" again.

[IzzySoft]

How are the chances for that – or maybe even an ETA, @cernekee?