Version 3.0.3-1 of ruby-devise-two-factor is marked for autoremoval from testing on Mon 18 Feb 2019. It depends (transitively) on ruby-attr-encrypted, affected by #918389. You should try to prevent the removal by fixing these RC bugs.
Last update: 2019-01-21
Standards version of the package is outdated.
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.3.0 instead of