[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#48304] [PATCH] gnu: expat: Update via graft.
From: |
Leo Famulari |
Subject: |
[bug#48304] [PATCH] gnu: expat: Update via graft. |
Date: |
Sun, 9 May 2021 11:22:54 -0400 |
On Sun, May 09, 2021 at 04:37:39PM +0200, Leo Prikler wrote:
> Indeed, the mail they dropped over at guix-devel made it seem as though
> not being on 2.3.0 was a security risk already. The ChangeLog does
> mention some items worth fuzzing over.
In general, all updates are security updates. But we shouldn't / can't
update all core packages with grafts just because. Grafting is a kludge
that doesn't always work as expected (and the problems are hidden), and
it has a high I/O performance cost.
So, let's wait for a security advisory.