GNU bug report logs - #47144
security patching of 'patch' package

Previous Next

Package: guix;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Sun, 14 Mar 2021 21:39:02 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #59 received at 47144 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Mark H Weaver <mhw <at> netris.org>, Leo Famulari <leo <at> famulari.name>,
 Vivien Kraus <vivien <at> planete-kraus.eu>, 47144 <at> debbugs.gnu.org
Subject: Re: [PATCH 3/3] gnu: patch: Graft to latest commit [security fixes].
Date: Sat, 01 Jun 2024 16:32:55 +0200

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:

>  (define-public patch
>    (package
> +    (replacement patch/fixed)

Unless I’m mistaken, this will have practically no effect because Patch
is a build-time-only dependency.

My recommendation would be to not add a ‘replacement’ field at all.
Instead, you could add a new ‘patch/latest’ public variable pointing to
that commit that you picked.  That way, users running ‘guix install
patch’ or similar will get the latest version of Patch.

On the next ‘core-packages-team’ cycle, we’d update Patch to refer to
that commit.

WDYT?

Ludo’.

This bug report was last modified 333 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47144 security patching of 'patch' package

GNU bug report logs - #47144
security patching of 'patch' package