[PRQ#73744] Deletion Request for icecat
impulse [1] filed a deletion request for icecat [2]:
SERIOUS SECURITY WARNING: The version is fixed at 115.18.0. As of June 4th 2025, upstream (IceCat) is 115.24.0, which is still very outdated, as Firefox is 128.
The fact this package is still being used, as indicated by votes, is also concerning. If this package gets deleted or updated, at least it helps prevent people from installing it, or in case of being updated (if the author decides to), then we can continue, but web browsers should not be this outdated; it's months or even mere weeks before a serious CVE may apply.
I wouldn't count on people using LibreJS correctly either, so JavaScript is still a vector for this browser.
[1] https://aur.archlinux.org/account/impulse/
[2] https://aur.archlinux.org/pkgbase/icecat/
Request #73744 has been Rejected by bertptrs [1]:
Package was flagged OoD two days ago, give the maintainers some time.
[1] https://aur.archlinux.org/account/bertptrs/
1. There is precedent of rejection of deletion requests on the basis of critical security vulnerability.
2. Deletion of package would not protect existing users because nothing requires them to actually switch browsers.
3. This package poses no risk to potential users because it is currently unbuildable with Arch toolchain. Maintainers are still attempting to fix the package and watching for upstream changes that might improve the situation. Deletion would prevent the package from being fixed, prevent users from receiving notifications, and allow takeover by someone without intent to actually fix it.
4. Votes do not indicate actual usage.
On Wed, Jun 4, 2025 at 7:55 AM <notify@aur.archlinux.org> wrote:
impulse [1] filed a deletion request for icecat [2]:
SERIOUS SECURITY WARNING: The version is fixed at 115.18.0. As of June 4th 2025, upstream (IceCat) is 115.24.0, which is still very outdated, as Firefox is 128.
The fact this package is still being used, as indicated by votes, is also concerning. If this package gets deleted or updated, at least it helps prevent people from installing it, or in case of being updated (if the author decides to), then we can continue, but web browsers should not be this outdated; it's months or even mere weeks before a serious CVE may apply.
I wouldn't count on people using LibreJS correctly either, so JavaScript is still a vector for this browser.
[1] https://aur.archlinux.org/account/impulse/
[2] https://aur.archlinux.org/pkgbase/icecat/
participants (2)
- notify@aur.archlinux.org
- xiota