FESCo accepted  a new policy to handle packages with long-standing
known security bugs in a way similar to FTBFS bugs:
AGREED: If a CRITICAL or IMPORTANT security issue is currently open
against a package, or a security issue of lower severity has been
open for at least 6 months, four weeks before the branch point a
procedure similar to long-standing FTBFS will be triggered
immediately, with 8 weeks of weekly notifications to maintainers and
subsequent orphaning and then subsequent removal from distribution.
This applies to all packages, not just leaf.
This policy will apply to F30 and later. The branch point is on
2019/02/19, so somewhere around January 22 the procedure should start
with notifications being sent out. Maintainers are of course encouraged
to fix any security issues immediately. See  for a list of currently
open security bugs.
on behalf of FESCo
since keybinder won't build on any fedora version >=29 and all functionality should be provided by the newer python3 keybinder3 package.
I would like to ask if it's ok to retire it, but since there are some packages depending on it, I would rather orphan it and let someone else take care of it.
Packages depending on it:
dnf repoquery --whatrequires python2-keybinder
Last metadata expiration check: 0:29:57 ago on Mi 29 Aug 2018 19:31:04 CEST.
dnf repoquery --whatrequires keybinder
Last metadata expiration check: 0:30:10 ago on Mi 29 Aug 2018 19:31:04 CEST.
I reviewed the licensing of libevent and found the License tags to be
The License tag of libevent was changed from "BSD" to "BSD and ISC". The
License tag of libevent-doc was changed from "BSD" to "BSD and MIT".