(Discussion/rfc) Should libaudiofile dependency be removed?
Description:
Perhaps a trivial issue but it got me thinking... I was looking through the enabled decoder plugins in mpd and noticed the following:
[sndfile] wav aiff aif au snd paf iff svx sf voc w64 pvf xi htk caf sd2
[audiofile] wav au aiff aif
It appears that libsndfile provides support for all the formats that libaudiofile does, making it redundant. libaudiofile is unmaintained upstream and has not seen a release in over 11 years, while having many years-long open issues about build failures, UB, and memory issues. On the other hand, libsndfile is actively maintained and is covered by oss-fuzz. So libaudiofile seems like an attack-surface minefield in comparison; it is not apparent to me that there would be any downside to compiling without it in order to cut out a potentially troublesome lib (it's not entirely inconceivable that mpd could be exposed to untrusted input). This is one of only a handful of packages still depending on it in Arch.
I'm curious for more thoughts on the matter.
Additional info:
- package version(s): 0.23.15-6
- config and/or log files:
- link to upstream bug report, if any:
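
The overlap described in the report can be checked mechanically. The following is an added example, not part of the original report or of mpd: it parses decoder plugin lines in the `[name] suffix ...` form quoted above and reports which plugins have every suffix covered by another plugin. The function names are hypothetical, and the sample input is the two lines from the report.

```python
import re

# The two decoder plugin lines quoted in the report above.
SAMPLE = """\
[sndfile] wav aiff aif au snd paf iff svx sf voc w64 pvf xi htk caf sd2
[audiofile] wav au aiff aif
"""

# Matches lines of the form "[plugin] suffix suffix ..."
PLUGIN_LINE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*(?P<suffixes>.*)$")


def parse_plugins(text):
    """Return {plugin name: set of file suffixes} from plugin listing lines."""
    plugins = {}
    for line in text.splitlines():
        m = PLUGIN_LINE.match(line)
        if m:
            plugins.setdefault(m["name"], set()).update(m["suffixes"].split())
    return plugins


def redundant_plugins(plugins):
    """Map each plugin to the other plugins that cover all of its suffixes."""
    result = {}
    for name, suffixes in plugins.items():
        if not suffixes:
            continue  # a plugin with no listed suffixes tells us nothing
        covers = sorted(o for o, s in plugins.items()
                        if o != name and suffixes <= s)
        if covers:
            result[name] = covers
    return result


def uncovered(plugins, name):
    """Suffixes that would lose all decoder coverage if `name` were dropped."""
    others = set().union(*(s for o, s in plugins.items() if o != name))
    return sorted(plugins[name] - others)


if __name__ == "__main__":
    parsed = parse_plugins(SAMPLE)
    for plugin, covers in redundant_plugins(parsed).items():
        print(f"{plugin}: every suffix also handled by {', '.join(covers)}")
```

Suffix overlap only shows that another plugin claims the same file extensions; it does not show that every encoding stored inside those containers decodes identically, so a playback test of representative files is still needed before dropping a plugin.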