First, this closes#167972 by explicitly disabling Python tests for the
backported pycrypto library. Those tests were written for Python 2 only.
Furthermore, the meta.knownVulnerabilities attribute was added as the
last weechat-otr upstream release was in 2018-03 [0] and the backported
Debian package of pycrypto is from 2020-04 [1]. As there are no known
vulnerabilities for weechat-otr itself, pycrypto "is unmaintained,
obsolete, and contains security vulnerabilities" [2]. Even with Debian's
patches, this is no good situation.
As weechat-otr being a security and privacy related software, it should
be made obvious, that its code base is old and unmaintained.
[0] https://github.com/mmb/weechat-otr/releases/tag/v1.9.2
[1] https://salsa.debian.org/sramacher/python-crypto/-/tags/debian%2F2.6.1-13.1
[2] https://www.pycrypto.org/
Alvar Penning