[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#48304] [PATCH] gnu: expat: Update via graft.
From: |
Marius Bakke |
Subject: |
[bug#48304] [PATCH] gnu: expat: Update via graft. |
Date: |
Sun, 23 May 2021 17:33:05 +0200 |
merge 48304 48612
thanks
Leo Famulari <leo@famulari.name> skriver:
> On Sun, May 09, 2021 at 04:37:39PM +0200, Leo Prikler wrote:
>> Indeed, the mail they dropped over at guix-devel made it seem as though
>> not being on 2.3.0 was a security risk already. The ChangeLog does
>> mention some items worth fuzzing over.
>
> In general, all updates are security updates. But we shouldn't / can't
> update all core packages with grafts just because. Grafting is a kludge
> that doesn't always work as expected (and the problems are hidden), and
> it has a high I/O performance cost.
>
> So, let's wait for a security advisory.
I opened a similar discussion about the security fix in Expat 2.4.0
recently and am merging with this issue (which I had not seen):
https://issues.guix.gnu.org/48612
signature.asc
Description: PGP signature