Hi, I understand that users should decide on their own, if they wish to install high risk vulnerable software, so I'm not writing because a deletion request was rejected. I want to make a suggestion. A pinned comment could warn about the high security risk and assuming that upstream of the original software shouldn't fix vulnerabilities, at least recommend to ask upstream of software that requires such software as a dependency, to get rid of this dependency, instead of installing the vulnerable software. I'm not sure if everybody is aware of the risks a package like https://aur.archlinux.org/pkgbase/webkitgtk/ https://aur.archlinux.org/packages/webkitgtk2/ does cause. When providing such a PKGBUILD, is speaking anything against a short pinned comment? Regards, Ralf -- Vote for apulse! echo $(w3m https://aur.archlinux.org/packages/apulse |grep 'Votes: ') Votes: 81 Updated: Sun Jul 2 09:03:52 CEST 2017