Bug#789256: cmus: Pulls in unwanted and potentially dangerous DECnet packages through libroar2

John Paul Adrian Glaubitz glaubitz at physik.fu-berlin.de
Sat Jun 20 18:46:17 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 06/20/2015 08:25 PM, Jonas Smedegaard wrote:
>> glaubitz at ikarus:~$ apt-cache depends cmus | grep libroar2 
>> Recommends: libroar2 glaubitz at ikarus:~$
> 
> I agree that cmus pulls in libroar2.  Why is that dangerous?

Because libroar _depends_ on libdnet which is an unwanted dependency for
most users for one:

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755934 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675014 
> https://bugs.launchpad.net/ubuntu/+source/cmus/+bug/923027

And libdnet breaks cmus on some configurations as I have explained
now several times.

>> My elaborations regarding "--with-suggests" were regarding the
>> case that Alessio would drop libroar2 from Recommends to
>> Suggests.
> 
> If you mean to say that "--with-suggests" is irrelevant to discuss
> here, then I agree: Use of special package install options should
> be irrelevant when dicussing whether cmus is dangerously broken or
> not.
> 
> If you mean something else then please elaborate.

No, I'm sorry. You misread what I wrote. Really, read my first message
in this bug report.

>> Currently cmus is definitely getting stuck on a _fresh_ install,
>> simply by installing with "apt-get install cmus".
> 
> On those systems where you experience cmus being stuck, is the
> package "dnet-common" also installed (or was it ever)?

No. I never claimed that.

> If so, you will need to figure out how that got installed, and I am
>  quite certain the cause is *not* cmus and therefore this bugreport
>  against cmus is bogus.

It isn't bogus because, as several people have explained several times,
the maintainer of roaraudio refuses to drop DECnet support.

Adrian

- -- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz at debian.org
`. `'   Freie Universitaet Berlin - glaubitz at physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVhbT5AAoJEHQmOzf1tfkTfXoP/RYcW0SdV2rtCoXTt+eCWD4B
80Bp4i7rX+oNXod6CiGX5gsF9d9inLTH0Mpbk9kgc1LOG6VWESHJ+M6cPyvQBGjU
d8oRcpqi7tuTfzlc4Fv1POyj8EZRDvWFZAznh/GZyC70Cv28elZupz4MDPlKVlMs
lWxshWYyrp9K+Kbty8WjloWvmqtHLE6YR3/akkTYbWlVPW7rMBPtFwcx2C5KE2f0
dyfz27iAUBEyTitWIc6yndU1EFlWCRYk4Y74zxU19R2rt7cICMoTY0E3F3iYgrl0
NTq0Bq+oEvR56ipoTqUYw9in9DoZeJKvUeoSITXIBxsv7U7nIQP+WdMfI8VApdEV
NkE0HlQqk4TGjievFtnBbWDpan9hHMQCP4rx6FMgN2TcGm4PpbSJnvy58jQ7K5Fg
AabE7wxuWL0ZeqneogPx0vFBLolOEQg2bBjW5pFzWh0nb/bTqwPk+Pev7Eit2IQv
/WHLNUF1xQp+0s4klCaoBew+0h4HTbCKwxp7MPGvEb7kC1iikME/sY8rL3wiau4R
Z6Kvkj0aAMz8J1l+AcTXV5YP+mc6cLd/e4Rjg9DvT1Bian6TmVE3JFvr1OQQeTY5
p/0UTsi+w21wX7cxyG6nqv67znriIq2oIzzwOQ1Q2tAd5CJS5wUuVWZDk7sgDPS4
H7ofH26Jxg5Cl1ErBorf
=FRG2
-----END PGP SIGNATURE-----

More information about the pkg-multimedia-maintainers mailing list