GNU bug report logs - #47193
Fancify guix lint -c cve output

Previous Next

Package: guix-patches;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Tue, 16 Mar 2021 16:01:02 UTC

Severity: normal

Full log

View this message in rfc822 format

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Léo Le Bouter <lle-bout <at> zaclys.net>
Cc: 47193 <at> debbugs.gnu.org
Subject: [bug#47193] Fancify guix lint -c cve output
Date: Tue, 16 Mar 2021 22:12:46 +0100

[Message part 1 (text/plain, inline)]
Léo!

Léo Le Bouter via Guix-patches via 写道:
> guix/cve.scm:328:18: warning: possibly unbound variable 
> `cve-item-base-
> severity'

One dark and stormy night I turned away an old woman at my doors, 
and ever since I have been cursed to include at least one stupid 
typo in each patch I send.  True story.

Thanks for testing.  Fixed but it should not affect running guix 
lint.

> I also just tried it on patch package and it fails:

Hmm.  I bet ‘rm -rf ~/.cache/guix/http’ will make this go 
conveniently away, just like lady stormypants.

> (v "CVE-2021-0212" (("contrail_networking" ...

This is a stale cache file lacking the newly added ‘severity’ 
field:

(v "CVE-2021-0212" "MEDIUM" (("contrail_networking" ...

I bumped the format version to 2 in (guix cve) to signal this 
incompatible change, but it appears this field may exist merely as 
a friendly reminder to actually add version handling some day...?

I guess today is that day.

Bah,

T G-R

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 4 years and 76 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.