Hello again.

In my previous posting concerning mcrypt I have not been specific enough. Second attempt, then.

I read in the documentation of the Debian installation package that mcrypt were dysfunctional and the original developers had abandoned the project. “Strong read“ but not very informative.

Can you enlighten me or refer me to a web-page that conveys some more insight? After a few attempts to find some, I give up. If you know the details, is the library affected or only the mcrypt executable? And of course.., affected by what?

TIA.

The other thread has been moved to “General”. It is here: YAD (ex zenity) front-end for mcrypt and mdecrypt

I just did a short google search and am stunned that you didn't find anything.

I suggest to read the Wikipedia entry, to take a look at the CVS code base and for example the linked diff, where the only active developer removed the reference to his maintainership:

https://en.m.wikipedia.org/wiki/Mcrypt
http://mcrypt.cvs.sourceforge.net/vi...?r1=1.2&r2=1.3

I cannot say anything about how secure it is, but looking at the release history the term "abandonware" seems reasonable to me.

I do not use google, but swisscows, ixquick and a bunch of other search engines do provide the same results, I guess..

Curiously, they name 1 fact and call it “these facts”. Apart from that, a security-risk is not mentioned.
Okay, let us assume, that that is all the information there is.
I might then continue to use mcrypt and not feel bad about it... surely an acceptable result of my enquiry. ;-)

Yes, I think so. Although I would at least look at the (in the Wikipedia article mentioned) merge requests at sourceforge.net to see if there might be something security related. I have not checked that. Otherwise you should of course feel free to use any program you want, however old or maintained it is as long as it provides the functionality you want (no irony intended).