guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A "cosmetic changes" commit that removes security fixes


From: Raghav Gururajan
Subject: Re: A "cosmetic changes" commit that removes security fixes
Date: Wed, 21 Apr 2021 23:17:30 -0400

Hi Mark!

Those commits on 'core-updates' were digitally signed by Léo Le Bouter
<lle-bout@zaclys.net> and have the same problems: they remove security
fixes, and yet the summary lines indicate that only "cosmetic changes"
were made.

Yeah, the commit title didn't mention the change but the commit message did.

I'm sorry to say that your responses have done nothing to allay my
concerns.

For glib, IIRC, we updated package to latest version and guix lint didn't show any more CVEs. Also, I think the change was added as part of the cosmetic change commit, to cleanly apply succeeding patches.

For cairo, let me get back to you.

Regards,
RG.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]