diff --git a/debian/changelog b/debian/changelog index 9b4e1b0f04..d795e4f0c3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,11 @@ git-annex (5.20140320~bpo70+1) wheezy-backports; urgency=medium * Updating backport to newest release. + * Note that this backport does not feature constant time webapp auth token + comparisons. It's not recommended to use the webapp on multiuser systems, + since another use may be able to use a timing attack to guess its auth + token. If you need that, it should not be hard to backport + haskell-securemem. -- Joey Hess Wed, 26 Mar 2014 15:16:09 -0400 diff --git a/debian/control b/debian/control index 06b42f2e0a..1c8c1975f1 100644 --- a/debian/control +++ b/debian/control @@ -38,8 +38,6 @@ Build-Depends: libghc-warp-tls-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc], libghc-wai-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc], libghc-wai-logger-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc], - libghc-securemem-dev, - libghc-byteable-dev, libghc-case-insensitive-dev, libghc-http-types-dev, libghc-blaze-builder-dev, diff --git a/git-annex.cabal b/git-annex.cabal index 94b29b5c24..89146213c3 100644 --- a/git-annex.cabal +++ b/git-annex.cabal @@ -183,11 +183,10 @@ Executable git-annex yesod, yesod-default, yesod-static, yesod-form, yesod-core, http-types, transformers, wai, wai-logger, warp, warp-tls, blaze-builder, crypto-api, hamlet, clientsession, - template-haskell, data-default, aeson, network-conduit, - byteable + template-haskell, data-default, aeson, network-conduit CPP-Options: -DWITH_WEBAPP if flag(Webapp) && flag (Webapp-secure) - Build-Depends: warp-tls (>= 1.4), securemem + Build-Depends: warp-tls (>= 1.4), securemem, byteable CPP-Options: -DWITH_WEBAPP_SECURE if flag(Pairing)
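Review bot: In the `if flag(Webapp) && flag (Webapp-secure)` stanza of git-annex.cabal, `securemem` and `byteable` now share one flag and one `-DWITH_WEBAPP_SECURE` define with `warp-tls (>= 1.4)`, so a build that lacks any of the three drops the define without telling whoever builds the package. The changelog entry in this same commit names the consequence, a webapp auth token comparison that is not constant time; whether the define gates anything else cannot be seen from these lines. I would document this at the stanza itself with a comment such as `-- Without Webapp-secure the webapp auth token comparison is not constant time; see debian/changelog.`, so the trade-off is visible to packagers who never read the Debian changelog. It may also be worth having the non-secure code path log a warning when the webapp starts. The Executable section begins and ends outside the hunk.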