GNU bug report logs -
#31444
'guix health': a tool to report vulnerable packages
Previous Next
Full log
Message #19 received at 31444 <at> debbugs.gnu.org (full text, mbox):
Hi!
Nils Gillmann <ng0 <at> n0.is> skribis:
> Did you intend to attach a patch to one of the 3 or 4 messages that made
> it to the bugtracker? I've checked when you've sent the message and today
> and saw no patches. I'm interested in the code, the general idea sounds good.
They eventually made it there:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=31442
But Debbugs is weird; for some reason for it failed to reply for several
hours.
>> I think that longer-term we probably need to attach this kind of
>> meta-data to packages themselves, by adding a bunch of files in each
>> package, say under PREFIX/guix. We could do that for search paths as
>> well.
>
> If you mean with metadata what I understand:
> I've started playing with this idea a while back. It would be good to attach
> more information to the package, mentioned in the past was "support the developers"
> links (not everyone publishes this on their website).
> Personally I'm going to make use of the "maintainer" function for packages,
> so people know where (hopefully relatively) exactly the package came from.
Well this is not the kind of meta-data I had in mind, and for that I
think a field in <package> is good enough.
> Anyways, I have some other package related experiments.. Did you have anything
> else in mind, other than search-paths and CVE information?
Not really, but that would be extensible.
The bigger picture is that of packages that would remain live data
structures, as Ricardo proposed a while back. I don’t think we can go
this far (in the sense of being able to reconstruct a <package> from its
output), but having some metadata kept around can help.
Thanks,
Ludo’.
This bug report was last modified 1 year and 274 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.