Re: imagemagick@6.9.11-48 to graft or not to graft with 6.9.12-2

[Ludovic Courtès]

Hi again!

Ludovic Courtès <ludo@gnu.org> skribis:

> It’s also unclear to me that ImageMagick can be meaningfully grafted.
> Are there users of libMagick*.so in external packages?  That seems
> unlikely.
>
> On berlin, I see this:
>
> $ guix graph -t referrers 
> /gnu/store/7iwx7rj1ipsbgb9wgimrrflniyxpilw3-imagemagick-6.9.12-2g 
> digraph "Guix referrers" {
>   "/gnu/store/7iwx7rj1ipsbgb9wgimrrflniyxpilw3-imagemagick-6.9.12-2g" [label 
> = "imagemagick-6.9.12-2g", shape = box, fontname = sans];
>   "/gnu/store/7iwx7rj1ipsbgb9wgimrrflniyxpilw3-imagemagick-6.9.12-2g" -> 
> "/gnu/store/7iwx7rj1ipsbgb9wgimrrflniyxpilw3-imagemagick-6.9.12-2g" [color = 
> darkviolet];
>   "/gnu/store/7iwx7rj1ipsbgb9wgimrrflniyxpilw3-imagemagick-6.9.12-2g" -> 
> "/gnu/store/wsw9an4lsnqxalwkvycxaa3y0ybp8rxp-ecl-ltk-0.992" [color = 
> darkviolet];
>   "/gnu/store/wsw9an4lsnqxalwkvycxaa3y0ybp8rxp-ecl-ltk-0.992" [label = 
> "ecl-ltk-0.992", shape = box, fontname = sans];
>   "/gnu/store/wsw9an4lsnqxalwkvycxaa3y0ybp8rxp-ecl-ltk-0.992" -> 
> "/gnu/store/wsw9an4lsnqxalwkvycxaa3y0ybp8rxp-ecl-ltk-0.992" [color = 
> peachpuff4];
>
> }
>
> That means ‘ecl-ltk’ is the only package that keeps a reference to
> ImageMagick, and thus, it’s the only one that would benefit from the
> graft.  The graft is useless.

I was plain wrong—apologies for the confusion!

Running:

  guix graph -t referrers 
/gnu/store/cnyiwi6mn53jwmjh7kdvnlmagf3frsa3-imagemagick-6.9.12-2g | xdot -

on my laptop, I see at least emacs-w3m, pstoedit, skribilo, and (of
course) inkscape.

So grafting makes sense.

Consequently, the way forward IMO is to get a 6.9.11 backport of
whatever CVEs it is we are patching and to use such a patched 6.9.11
variant as the replacement.

Does that make sense?

Ludo’.