by EustassKid 1011 days ago
I don't know about other Linux distributions (or operating systems), but a while ago NixOS marked Sublime Text as insecure and wouldn't let me install it without me setting the option to allow insecure packages (since it depends on OpenSSL 1.1.1u). I don't know how dangerous it would be to have software with an out-of-date TLS library for me, a regular user, but I just switched to Emacs. So sad, because ST is an excellent editor: a great set of features and plugins while still being extremely fast (which is my problem with VSCode).
1 comments

I briefly looked into it (from the same NixOS issues); there's a GitHub issue somewhere about it [1].

Effectively, as I recall it, a large number of Sublime Text plugins internally rely on an old version of Python (3.3), which in turn relies on OpenSSL 1.1.1. There is concern that forcing the Python version to something newer will largely break their plugin ecosystem, as a lot of the plugins are expecting Python 3.3 and may not be compatible with 3.8 or later versions with supported OpenSSL.

It's probably not a major security risk unless the plugins are making network connections, but it is an unfortunate situation.

Edit: [1] https://github.com/sublimehq/sublime_text/issues/5984

The thing that frustrates me about Sublime’s position is this (from that link):

> With most packages being no longer maintained there's little chance to get that file into existing repos.

So you can’t break backwards compatibility because “most packages” aren’t maintained. But that means those packages are no longer receiving bug fixes.

As a new Sublime Text user (within the last year), the package situation is definitely frustrating. There seems to be a lot of pride within the Sublime staff and core volunteer group, some of which is deserved; Sublime is an amazing editor. But at some point they’re going to have to admit that the current set of packages isn’t perfect and deprecate a bunch of them.