libapache2-mod-security was removed from Debian because of licensing issues.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=313615

The licensing issue was resolved on June 18th 2008
http://blog.modsecurity.org/2008/06/modsecurity-lic.html

Lenny was frozen 27th June 2008.
http://lists.debian.org/debian-devel-announce/2008/07/msg00007.html

Alberto was working on this 21th June, but it didn't get in before the freeze.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487431

What I don't understand is if there is scope to include this package in Debian Lenny, or if/how it will be available to users of Lenny. Presumably one can get it from unstable but that is not really satisfactory, because you have to know it is there - hence this post, and one would not have security support etc. I assume updates to Lenny could include this with full security support, as point releases often add functionality like this.

Doesn't really affect me directly. But I'd like to understand the processes.