GNU bug report logs - #40142
(guix cve) discards configuration "vendor", leading to false positives

Previous Next

Package: guix;

Reported by: Brice Waegeneire <brice <at> waegenei.re>

Date: Fri, 20 Mar 2020 09:11:02 UTC

Severity: normal

Full log

Message #11 received at 40142 <at> debbugs.gnu.org (full text, mbox):

From: Brice Waegeneire <brice <at> waegenei.re>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 40142 <at> debbugs.gnu.org
Subject: Re: bug#40142: CVE checker return false positives
Date: Sat, 21 Mar 2020 16:57:33 +0000

Hello,

On 2020-03-21 16:25, Ludovic Courtès wrote:
> Probably the fix would be to preserve the vendor part in the API and to
> somehow use it meaningfully.
> 
> Ideas & patches welcome!

I'll see what I can write a patch to fix it then.

>> Also note the missing / on the first line and it output on `stderr'
>> instead of `stdout'.
> 
> What do you mean?

I misunderstood the meaning of “gnu/packages/version-control.scm:149:2:”
and thought there was a missing / before “gnu/”; this is irrelevant. 
About
the output stream of “guix lint” I think it should output to `stdout', 
not
`stderr' as it's currently the case.

Brice.
This bug report was last modified 5 years and 163 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.