I'm a concerned package user looking at this. According to tracker, yubico-piv-tool is slated for auto-removal because it fails to build with OpenSSL 1.1. However, the report shows that the version that fails to build is 1.0.3-1, whereas the current version in Sid and Stretch is 1.4.2-1. What's up with that?