CCed to security team. Hello Security Team, Upstream feel that the fix for this is to provide a warning to the user. See: https://lists.debian.org/debian-lts/2018/04/msg00098.html (actually I can't find this warning in the code... but only a quick search so far...) However I don't think this is a real solution to the security problem. As a result I am prone to mark this no-dsa in wheezy. What do you think? -- Brian May <bam@debian.org>