GNU bug report logs - #40478
feature request/idea: guix pull --news should show information about new package replacements

Previous Next

Full log

Message #8 received at 40478 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Jack Hill <jackhill <at> jackhill.us>
Cc: 40478 <at> debbugs.gnu.org
Subject: Re: bug#40478: feature request/idea: guix pull --news should show
 information about new package replacements
Date: Tue, 07 Apr 2020 11:54:24 +0200

Hi,

Jack Hill <jackhill <at> jackhill.us> skribis:

> I'm an avid reader of `guix pull --news`. I like learning about new
> and updated software. However, I noticed that when a package gains a
> new replacement (e.g. for a security fix via grafting), it is not
> mentioned. We do not show all changes to package definitions in the
> new, but since a new replacement is often for a security fix, I think
> it is significant enough to warrant showing in the news. I'm imagining
> something like:
>
> """
> n packages with new replacements: gnutls, …
> """
>
> or perhaps:
>
> """
> n packages with new grafts: libxml, …
> """
>
> I haven't yet though about the implementation of this. I would want to
> avoid doing too much extra work for `guix pull --news`.
>
> What do you think?

I think it’s a great idea!

It would be even better if the message were higher-level:

  The following security issues were fixed:
    CVE-XYZ (gnutls), CVE-123 (icecat), etc.

The (guix cve) module would come in handy but it would be hard to
implement efficiently, I think.

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.