Re: imagemagick@6.9.11-48 to graft or not to graft with 6.9.12-2

From: Mark H Weaver
Subject: Re: imagemagick@6.9.11-48 to graft or not to graft with 6.9.12-2
Date: Tue, 23 Mar 2021 19:05:42 -0400

Hi Leo,

Leo Famulari writes:

> On Tue, Mar 23, 2021 at 03:38:02PM +0100, Léo Le Bouter wrote:
>> For this, the problem is not grafting but that the replacement package
>> definition has been made public, this is an "issue" (?) that is known
>> and I try to not make replacement package definitions public now.
> The replacement should be public in this case. We want people to get the
> updated ImageMagick when they do `guix install imagemagick`.

That should happen anyway, even without making the replacement package
public.  I certainly *hope* that's what happens.  If not, that's a
serious security flaw in Guix.

Also, I'm not sure why you qualify your suggestion with "in this case".
What is it that distinguishes ImageMagick from, e.g. glib, for purposes
of this question?  Would it be any less bad for "guix install glib" to
install a glib with security flaws?

It would be good to reach agreement on whether replacement packages
should be made public.  I haven't thought much about it, so I don't know
what the relevant issues are.


