Hello Security Team,

It is currently difficult to support p7zip/p7zip-rar because:
- p7zip is an old unmaintained fork of 7-zip
- 7-zip has an opaque approach to security & development (security patches hard/impossible to isolate)

This is described more extensively at:
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/306

The current issues are not critical but they are piling up:
https://security-tracker.debian.org/tracker/source-package/p7zip
https://security-tracker.debian.org/tracker/source-package/p7zip-rar

7-zip is generally supportable by upgrading to new upstream releases:
https://security-tracker.debian.org/tracker/source-package/7zip
https://security-tracker.debian.org/tracker/source-package/7zip-rar

We're pondering whether to:
- EOL p7zip in bookworm and earlier (possibly patching rdeps to use unar/zip/unrar-free/etc.)
- replace p7zip by 7zip in bookworm and earlier, as in trixie (and upgrade bookworm's 7zip, also introducing 7zip-rar)

Do you have an opinion on this?
Would you be open to transitioning from p7zip to 7zip in bookworm?

Cheers!
Sylvain Beucler
Debian LTS Team

(Cc: Robert Luberda who previously maintained the p7zip package)
