Comment # 2 on bug 1234550 from Alexandre Vicenzi

gokart last release was on Sep 22, 2022, and reached EOL on Apr 9, 2024.

Checking gokart sources and vendored dependencies for 0.5.1 does not show any
calls to ServerConfig.PublicKeyCallback.

It is safe to say that the CVE does not affect gokart since it does not use the
affected code in golang.org/x/crypto/ssh.

Since this project reached EOL, it is best to remove from Factory and avoid
pulling it in future SLE releases.

Andrea, can we close this?