Re: A "cosmetic changes" commit that removes security fixes

[Mark H Weaver]

Hi Raghav,

Raghav Gururajan <rg@raghavgururajan.name> writes:

> Okay, I was able to retrace. When Leo and I were working outside 
> savannah, there was master --> core-updates merge. Leo made these 
> changes when he committed to his repo 
> (https://logs.guix.gnu.org/guix/2021-03-26.log#000811), from which I 
> pulled then format-patched and sent it to guix-patches 
> (https://issues.guix.gnu.org/42958#64). From guix-patches it was then 
> pushed to core-updates (https://issues.guix.gnu.org/42958#67), from 
> where I cherry-picked into wip-gnome.
>
> It seems Leo made these for ungrafting. I not familiar with ungrafting, 
> so I have to let Leo explain.
>
> P.S
> The commit title for these commits were initially "Ungraft and make some 
> cosmetic changes.", I must have screwed up the tile while moving the 
> patches. For that my apologies.
>
> [1] 
> https://git.sr.ht/~lle-bout/guix/commit/6477daa338fbf1c9edacfc3690aca77cacfe0008
> [2] 
> https://git.sr.ht/~lle-bout/guix/commit/a045a48dd961f0c5c3d536dcc3fd21d9c08d2d50

Both of these patches have all of the same problems.  The only
difference is that their summary lines say "Ungraft and make some
cosmetic changes."

(1) These original summary lines are still misleading, because "ungraft"
    means to integrate the fixes from the replacement into the original,
    but here, the fixes are simply being deleted.

(2) These original commit logs are still misleading, for the same reason
    I gave in my previous reply.

(3) The 'cairo' commit still re-introduces security flaws into our
    'cairo' package.

What worries me as much as anything is that your responses so far seem
to indicate that you are failing to understand what you and Léo have
done wrong here.

       Mark