Wheezy update of unrar-nonfree?

To: Martin Meredith <mez@debian.org>
Cc: debian-lts@lists.debian.org, 865461-quiet@bugs.debian.org
Subject: Wheezy update of unrar-nonfree?
From: Raphael Hertzog <hertzog@debian.org>
Date: Thu, 22 Jun 2017 15:20:02 +0200
Message-id: <[🔎] 20170622132002.zmjbgz3s54ui47fr@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Martin Meredith <mez@debian.org>, debian-lts@lists.debian.org, 865461-quiet@bugs.debian.org

Hello Martin,

The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of unrar-nonfree:
https://security-tracker.debian.org/tracker/source-package/unrar-nonfree

We know that the package is non-free and thus not generally part of what
Debian is supporting on stable releases but we have a fair number of LTS
sponsors using it and it would thus be nice to see it fixed in
wheezy-security and in jessie/stretch (through
jessie-proposed-updates/stretch-proposed-updates since the security team
is not supporting non-free packages).

To avoid spending too much time on backporting fixes, we're open to
just pushing the latest upstream release in wheezy-security.
Unfortunately, the fix to this issue seems to be only in beta versions so
far and those beta version did not yet have any corresponding source code
release? Can your confirm this?

On http://www.rarlab.com/rar_add.htm I only see version 5.5.5 with source
code (which is newer than what is unstable BTW)... while
http://www.rarlab.com/download.htm mentions version 5.50 beta 4. The
former is UnRAR while the latter is RAR but I somehow hope that they are
maintained in sync. If they are different, where can we see the changelog
in the UnRAR release?

In any case, if you plan to handle the wheezy update, please follow the
workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of unrar-nonfree updates
for the LTS releases.

Thank you very much.

Raphaël Hertzog,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to:

Follow-Ups:
- Re: Wheezy update of unrar-nonfree?
  - From: Martin Meredith <martin@sourceguru.net>

Prev by Date: Re: Accepted libffi 3.0.10-3+deb7u1 (source amd64) into oldoldstable
Next by Date: Re: Accepted libffi 3.0.10-3+deb7u1 (source amd64) into oldoldstable
Previous by thread: Re: Wheezy update of openvpn?
Next by thread: Re: Wheezy update of unrar-nonfree?
Index(es):
- Date
- Thread