I agree (and I think everybody does) that if there is a pullup, that the new package should be built, assuming someone(tm) does the work and has the cpu/etc. time. What I am objecting to is trying to remove packages from our ftp space *because* they have vulnerabilities. That's what I sensed you wanted to do.
Oh. My apologies for not being clearer. I only remove packages when new ones have already been built and uploaded to replace the old ones.
John