
Bug#959723: RM: matrix-synapse/0.99.2-6 -- ROM; security issues; obsolete version



On Mon, May 04, 2020 at 03:30:53PM +0200, Andrej Shadura wrote:
> Synapse 0.99 was never meant to be a properly usable release in buster,
> and it was only included as some sort of a plug to make upgrades a tiny
> bit easier for users — they were supposed to upgrade the package to the
> version from backports almost immediately.
> 
> However, the time when this version was usable has definitely passed. It
> has a bunch of security issues fixed in the newer releases, and the
> effort of porting them back is significant, while most probably everyone
> running synapse on buster is on the version from backports or the
> version from the upstream.
> 
> Please remove matrix-synapse from buster only.
> 
That is terrible practice.  Shipping something in stable is a commitment
to support it throughout the release's lifetime.  Removing it from
stable doesn't remove it from user systems, doesn't communicate to them
that it is not fit for purpose, or anything like that.  Please
reconsider your strategy here.

Cheers,
Julien

