Bug#789256: cmus: Pulls in unwanted and potentially dangerous DECnet packages through libroar2
James Cowgill
james410 at cowgill.org.uk
Fri Jun 19 11:02:31 UTC 2015
Control: severity -1 important
On Fri, 2015-06-19 at 10:52 +0200, John Paul Adrian Glaubitz wrote:
> Package: cmus
> Version: 2.5.0-7+b1
> Severity: serious
> Justification: potentially breaks other packages
>
> Hello!
>
> As previously discussed, I am opening a bug report against cmus to drop
> ROAR support from cmus. The reason is that ROAR still depends on libdnet
> which is potentially dangerous as it may disrupt a user's network
> configuration [1] for users who run apt-get with --install-suggests
> and a consequently, the removal of ROAR audio support was previously
> requested in Debian [2] as well as Ubuntu [3].
Using apt-get with --install-suggests isn't that common so I don't
think this warrants an RC severity (it doesn't break the package for
everyone).
If you look at the status of DECnet:
No kernel maintainer (except general net/ maintenance):
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/MAINTAINERS?id=v4.1-rc8#n3060
dnprogs upstream appears to be dead:
http://sourceforge.net/projects/linux-decnet/
dnprogs is orphaned:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750670
IMHO dnprogs should be removed and roaraudio should drop support for
DECnet - unless someone who actually uses DECnet is willing to maintain
this stuff.
Related bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755934
This would also mean that this bug would be fixed for any other
consumers of roaraudio.
Thanks,
James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20150619/e4a2515e/attachment.sig>
More information about the pkg-multimedia-maintainers
mailing list