GNU bug report logs - #28972
[PATCH] gnu: Remove unrar.

Previous Next

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: ng0 <ng0 <at> infotropique.org>
Cc: nee <nee <at> cock.li>, 28972 <at> debbugs.gnu.org
Subject: [bug#28972] [PATCH] gnu: Remove unrar.
Date: Tue, 24 Oct 2017 17:14:52 -0400

[Message part 1 (text/plain, inline)]

On Tue, Oct 24, 2017 at 08:40:32PM +0000, ng0 wrote:
> > On Tue, Oct 24, 2017 at 10:09:00PM +0200, nee wrote:
> > > The closest replacement that I know is libarchive, it's not a
> > > commandline utility like unrar, but it is used in  file-roller which can
> > > open some rars.
> 
> The problem is "some".

Does anyone know what the problem is that prevents "some" from becoming
"all"?

File-roller is a graphical application, so it's not really a replacement
for unrar anyways, even if it could handle all the same files. Is there
really no command-line alternative to our buggy unrar?

> As I pointed out in the previous email, mc uses it.
> I personally use unrar for some files which are older than 15 years,
> but I'm okay with just taking our unrar and maintain it in my repository.
> 
> The reason why I'm asking to reconsider until we have a replament is
> software such as mc. We can not[*] search every line of sourcecode
> of packages we have to see where unrar is implicitly used without
> a store reference.

Okay, thanks for this information. It's true that we can't effectively
search for this kind of command-line use.

We had mc packaged for a few years before unrar was added, so the fact
that mc can use unrar does not mean that we must keep unrar.

My opinion is that keeping unrar packaged even though it can be
exploited by attackers who can provide a crafted RAR file does not help
Guix users.

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.