From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52244) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e76XU-0005XJ-7E for guix-patches@gnu.org; Tue, 24 Oct 2017 17:15:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e76XP-0008Fj-39 for guix-patches@gnu.org; Tue, 24 Oct 2017 17:15:08 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:51635) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e76XO-0008FZ-Tn for guix-patches@gnu.org; Tue, 24 Oct 2017 17:15:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1e76XO-0003x7-3K for guix-patches@gnu.org; Tue, 24 Oct 2017 17:15:02 -0400 Subject: [bug#28972] [PATCH] gnu: Remove unrar. Resent-Message-ID: Date: Tue, 24 Oct 2017 17:14:52 -0400 From: Leo Famulari Message-ID: <20171024211452.GB8739@jasmine.lan> References: <20171024190743.t7yhrfcrltrjlbt4@abyayala> <8be5d04d-4ce1-3b8b-31df-a68bdff4da4e@cock.li> <20171024202552.GA4719@jasmine.lan> <20171024204032.ouumwcg6dyr2lvgo@abyayala> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="mojUlQ0s9EVzWg2t" Content-Disposition: inline In-Reply-To: <20171024204032.ouumwcg6dyr2lvgo@abyayala> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: ng0 Cc: 28972@debbugs.gnu.org --mojUlQ0s9EVzWg2t Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 24, 2017 at 08:40:32PM +0000, ng0 wrote: > > On Tue, Oct 24, 2017 at 10:09:00PM +0200, nee wrote: > > > The closest replacement that I know is libarchive, it's not a > > > commandline utility like unrar, but it is used in file-roller which = can > > > open some rars. >=20 > The problem is "some". Does anyone know what the problem is that prevents "some" from becoming "all"? File-roller is a graphical application, so it's not really a replacement for unrar anyways, even if it could handle all the same files. Is there really no command-line alternative to our buggy unrar? > As I pointed out in the previous email, mc uses it. > I personally use unrar for some files which are older than 15 years, > but I'm okay with just taking our unrar and maintain it in my repository. >=20 > The reason why I'm asking to reconsider until we have a replament is > software such as mc. We can not[*] search every line of sourcecode > of packages we have to see where unrar is implicitly used without > a store reference. Okay, thanks for this information. It's true that we can't effectively search for this kind of command-line use. We had mc packaged for a few years before unrar was added, so the fact that mc can use unrar does not mean that we must keep unrar. My opinion is that keeping unrar packaged even though it can be exploited by attackers who can provide a crafted RAR file does not help Guix users. --mojUlQ0s9EVzWg2t Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlnvrUwACgkQJkb6MLrK fwh4cg/+Mt8QpG8tphYMvHoUIwDuz/8GIRYxuFqMzt+uILj6uskkbmGzvAaRZowR uBk+vDYJWg0GWOPzrv8Zx91djEEU3hqWDaIdGh86AEMzFzkWhtB0ouDHc4WdDiA7 4TOwW/G/19CsTS3LksA16GXcUzgygx3YYRRCZrOTYRSfFyIYd3vwhkyMRzW2MNPP x38Hji1i3JwCpvLd5/4niPhO9TtgpWyX7IvioowR08/RIBlxuFnfzAEf+gTiDytc pjy2+/kJ4XoS4+vCjhiit96rSJB62DT9rAfYNVLLXe3qd/ua3CCSE963jP0wauRl +TXl+mBwcXuWcXfv0yieViNxmWlAMWDgIiiBGo9yPC29LOxQJHp8Cg9u13Ciwb0v Jo+xb9lstTsdKRdY8ExhbfDIpfrtNl1BH7C2fZ1Nuk3S7aDvDU5oOStDEoRx9iw8 IqmRUdqctBN/pJiyZ3Z1/1URW+K7kcYxKO8Iy0yj5nRXkZE8K8eTtYgpSjotg/cV n8F7Lg5yGe4yWnCKyATaBjL/bk9TzHZ2jtVDtV6F0SpUQJf9rZu4CSjtTYX5QTk1 GVj6VkL6zCVglNsskpK6E+0QTkCHem0ZxC5LEvrmxdII8wgegyuiVNnwBlWJpPa+ AtHT43D4es33e360cc3H7IjBNu6lBx5+Kh8ctt/W2eMIU6UK6CY= =DKsq -----END PGP SIGNATURE----- --mojUlQ0s9EVzWg2t--