From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 18 06:37:09 2021 Received: (at submit) by debbugs.gnu.org; 18 Mar 2021 10:37:09 +0000 Received: from localhost ([127.0.0.1]:45181 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMq1c-0007kr-Tv for submit@debbugs.gnu.org; Thu, 18 Mar 2021 06:37:09 -0400 Received: from lists.gnu.org ([209.51.188.17]:34520) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMq1b-0007kj-U2 for submit@debbugs.gnu.org; Thu, 18 Mar 2021 06:37:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59008) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lMq1b-0004cH-MW for bug-guix@gnu.org; Thu, 18 Mar 2021 06:37:07 -0400 Received: from mail.zaclys.net ([178.33.93.72]:54355) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lMq1Z-0000bh-Fd for bug-guix@gnu.org; Thu, 18 Mar 2021 06:37:07 -0400 Received: from [192.168.0.27] (82-64-145-38.subs.proxad.net [82.64.145.38]) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12IAb1i9022433 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 18 Mar 2021 11:37:02 +0100 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12IAb1i9022433 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1616063822; bh=j6JcH1wi6N04VXmLvCXPJzDbubvvFsbD5Y3DYDd4AC0=; h=Subject:From:To:Date:From; b=lMZatqNRetEcovEtXD9x6ycrBsbpHTGfyMZFd/F4qRW5oMgSKgncI1YNDV6OfpA2L sclleQUtt22gbQOUKszarpOPFr1EVR76sBVaxyjoaDQM7lNlfZHNTEmC+XqY4FvGJR jU67uHB4VNdTchWWxWm2GZwQz2fhd8mC6UD6AZBw= Message-ID: <22d6fde28a4646254061f56c342fb75d2a2846d9.camel@zaclys.net> Subject: Check binary consistency after grafting with e.g. ldd From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: bug-guix@gnu.org Date: Thu, 18 Mar 2021 11:37:01 +0100 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-hXQN/CqgR0njEMbkFqNK" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Received-SPF: pass client-ip=178.33.93.72; envelope-from=lle-bout@zaclys.net; helo=mail.zaclys.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --=-hXQN/CqgR0njEMbkFqNK Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello! We had an issue after grafting ImageMagick fixed by < https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3D2e0ff59f0cd836b156f= 1ef2e78791d864ce3cfcd >. Basically Inkscape did not work because ImageMagick's soname had been bumped (probably for forward compat?): /gnu/store/g75q5v1gqi4x08qcf1ydfl9xhp4slmxy-inkscape- 1.0.2/bin/.inkscape-real: error while loading shared libraries: libMagickCore-6.Q16.so.6: cannot open shared object file: No such file or directory It seems technically possible to automatically check for this kind of breakage, therefore I suggest we run ldd (might actually run code from the binary) or objdump -x (pure static analysis), so after grafting we could check that every binary can load all it's dependents declared in the ELF headers successfully and report errors if not? What do you think? L=C3=A9o --=-hXQN/CqgR0njEMbkFqNK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBTLU0ACgkQRaix6GvN EKZJrg//Wdostj078M1GrVVw5Zi0WBgqQp2GEk10TE0a3gwmbcqOEjwzR1kk7lRc ic4UqVVkhT/gu+89B3d+MXc1c9I/etHqZfAZmrBzNso26zi5qsmL2V/HA82KdQRE fAO7ijsgavQoZ+8m/+k8oE7frlEkUqeTx57ZL++XQByOMGVK+Q+VRmPTt0Uej3MA Um1GqmOaA44W/Bbec6rf0lNKQ08v1kCGDbDRRqDrzkT4apiA/wYgYgCkS9JWKL0I tQaAbgSJj3AygHQwgZX/SGjFk3ZjdwnX0YHOfwg6VTLLT1KYdxJPy4EkYE+cVQ5M v1mdMN9t0hJIgb3nWLs3Jha46WpTBPf2U7v2/kbH/HbD0FaZdrFV82k7gm8eh1l0 neOyiEi19dtZr2OqCuobl6DhsQZndA7RD4+UtenMbVu5wQfX3bZiO+RuHIijPTs3 jBd39RIfPfzJQ+80A+x7QxBX1bIy8yKCvWIOBtC/YQ5uo25XX/QhA9x2tHQvTbPF frtLwRGXtmS6hR824fL1oBQnWwm8JCvodU80PqSnCEhBqR6dX1OeNZPx7ucGgJ7m LKFg7GgkziEYgv1RhV/uqF2bonXdgSQEV6ZDsqCOQledxB/DxQB+z6uw8DKiLldy gPhZ+ZgiDoRTmLXCmMqkTrI8IigpN0ARkkUcTdhp21bnfUWQ1oM= =Getz -----END PGP SIGNATURE----- --=-hXQN/CqgR0njEMbkFqNK-- From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 18 09:38:29 2021 Received: (at 47228) by debbugs.gnu.org; 18 Mar 2021 13:38:29 +0000 Received: from localhost ([127.0.0.1]:45405 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMsr6-0001rA-6c for submit@debbugs.gnu.org; Thu, 18 Mar 2021 09:38:29 -0400 Received: from eggs.gnu.org ([209.51.188.92]:52026) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMsr4-0001qx-Kc for 47228@debbugs.gnu.org; Thu, 18 Mar 2021 09:38:27 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55036) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lMsqy-00085v-RC; Thu, 18 Mar 2021 09:38:20 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=53186 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lMsqw-00086f-Ei; Thu, 18 Mar 2021 09:38:19 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: =?utf-8?Q?L=C3=A9o?= Le Bouter Subject: Re: bug#47228: Check binary consistency after grafting with e.g. ldd References: <22d6fde28a4646254061f56c342fb75d2a2846d9.camel@zaclys.net> Date: Thu, 18 Mar 2021 14:38:16 +0100 In-Reply-To: <22d6fde28a4646254061f56c342fb75d2a2846d9.camel@zaclys.net> (=?utf-8?Q?=22L=C3=A9o?= Le Bouter"'s message of "Thu, 18 Mar 2021 11:37:01 +0100") Message-ID: <878s6kpoon.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 47228 Cc: 47228@debbugs.gnu.org, Leo Famulari X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi, (Cc: Leo Famulari who has been taking care of many security issues in Guix over years.) L=C3=A9o Le Bouter skribis: > We had an issue after grafting ImageMagick fixed by < > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3D2e0ff59f0cd836b15= 6f1ef2e78791d864ce3cfcd >>. > > Basically Inkscape did not work because ImageMagick's soname had been > bumped (probably for forward compat?): > > /gnu/store/g75q5v1gqi4x08qcf1ydfl9xhp4slmxy-inkscape- > 1.0.2/bin/.inkscape-real: error while loading shared libraries: > libMagickCore-6.Q16.so.6: cannot open shared object file: No such file > or directory > > It seems technically possible to automatically check for this kind of > breakage, therefore I suggest we run ldd (might actually run code from > the binary) or objdump -x (pure static analysis), so after grafting we > could check that every binary can load all it's dependents declared in > the ELF headers successfully and report errors if not? > > What do you think? I don=E2=80=99t think all the testing that needs to be done when grafting c= an be automated. In particular, packagers who want to introduce a replacement for a library should use libabigail=E2=80=99s =E2=80=98abi-diff=E2=80=99 tool to = check that the package and its replacement are ABI-compatible. It=E2=80=99s also a good i= dea to make some quick manual tests. The .so file symlinks in look very scary to me. To me, it=E2=80=99s likely to hide the ABI incompatibility issue rather than =E2=80=9Cfix=E2=80=9D it. L=C3=A9o, please make sure to submit patches for review, as noted in . Such changes do not qualify as =E2=80=9Ctrivial=E2=80=9D and we should stri= ve to get more than one pair of eyeballs on it. Leo F. has always done that, even with years of experience, and I think it=E2=80=99s been fruitful, even when that meant delaying the patch by a co= uple of days. The good thing with being a =E2=80=9Crolling release=E2=80=9D distro is tha= t we can quickly roll out fixes; the bad thing is that we can just as quickly roll out bugs. :-) Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 19 04:59:04 2021 Received: (at 47228) by debbugs.gnu.org; 19 Mar 2021 08:59:04 +0000 Received: from localhost ([127.0.0.1]:48795 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lNAyG-0002Or-Fs for submit@debbugs.gnu.org; Fri, 19 Mar 2021 04:59:04 -0400 Received: from mail.zaclys.net ([178.33.93.72]:46485) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lNAyE-0002OM-6o for 47228@debbugs.gnu.org; Fri, 19 Mar 2021 04:59:03 -0400 Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12J8wtkX014691 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 19 Mar 2021 09:58:55 +0100 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12J8wtkX014691 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1616144336; bh=7LxFDivvt6n9sT9aoUuKeGMJVgo9LegtJpAlyNcew1s=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=ZYkxg6H99xAyqWkuky23Y3Sc7RjLX2vVEtRrrZa1xbaBcI8wCNqFKmav4i1iSCiru 4aV51HLYBJjl0pzKjGTTqNQYqxh3pTrv3KDEhVHGdU4nGNId8VgOYDjsHT4H0o5Sg3 Q+MhYvAQaojoQ4CjHqqI15WFLlE2u/6VinfgKpU8= Message-ID: Subject: Re: bug#47228: Check binary consistency after grafting with e.g. ldd From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Fri, 19 Mar 2021 09:58:55 +0100 In-Reply-To: <878s6kpoon.fsf@gnu.org> References: <22d6fde28a4646254061f56c342fb75d2a2846d9.camel@zaclys.net> <878s6kpoon.fsf@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-SIw+urFL1YET49g6muRr" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47228 Cc: 47228@debbugs.gnu.org, Leo Famulari X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-SIw+urFL1YET49g6muRr Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, 2021-03-18 at 14:38 +0100, Ludovic Court=C3=A8s wrote: > I don=E2=80=99t think all the testing that needs to be done when grafting= can > be > automated. Not all but part of it? > In particular, packagers who want to introduce a replacement for a > library should use libabigail=E2=80=99s =E2=80=98abi-diff=E2=80=99 tool t= o check that the > package and its replacement are ABI-compatible. It=E2=80=99s also a good > idea > to make some quick manual tests. That's great! Maybe we can have some quick tooling to in GNU Guix to aid that? > The .so file symlinks in > < > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3D2e0ff59f0cd836b15= 6f1ef2e78791d864ce3cfcd > > > look very scary to me. To me, it=E2=80=99s likely to hide the ABI > incompatibility issue rather than =E2=80=9Cfix=E2=80=9D it. :-/ Yes it is scary, we were having an user with an Inkscape issue on IRC and this commit fixed it for them and they could work without an issue though, we were discussing with rekado and rekado suggested we cheat like this and I've done it, the only alternative we have is porting/applying all patches to our version by digging commit history (with always the doubt of adding an incomplete fix which is likely if we have to dig commit history manually). If nobody can put time to dig patches for all individuals CVEs until we ungraft then I'd rather have this scary commit in. L=C3=A9o --=-SIw+urFL1YET49g6muRr Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBUZ88ACgkQRaix6GvN EKZg/g//VpW5ff/cH8Y6Wz2x5CXlJYbLlcK4eOh6zcNMULwfbaSFx8ay+cUhv3X6 M1zj19I1elqdx8nupsFDV1l3J71PR+TddKmQD/7Q3Ke40BLva3eurr8fOBqJXepn UbA5Da4aBbZxLppU0K0HtO6oxQjEsMnBaLfHMliFXnKeufEi8f81gqHJwjLKsv8e SLboBw9vRrV1pakFDHNYBWznNdUHDNSteE8ql/5xPpwoV5bsECvW86yNBfczL/qV JpCluT+zaORLomlz2X46xDWleh4dvEiRdl4l2JmySzsRbqcfX55nof1dmvKBxBQ1 wMnr82dXSzg1pCy413Ist5iNVU6HxeLNrVr/T/Y9QRpYBm+X/v/6ziGZMmDN3+6y b55y4hq91C9z2T0/lWVdd4pmofYGEhwUs419mP2kE36AFgp19JMPMOV09WIbx6VQ uPUouygDc8p7Q/TCPbsh8ZwJ1m4bOVAFnxm7Jij1bxx3azcOlpmHAabkhunQYcLw 7tCzbdnOKStUapflqHW+qXL++qf0xKUxnBZhai789qSNlYtxEYYtsdrnmGNRolSQ AYgeeUdYjueZbdqZ47zb/HWDNK4Mvw5pGIDyGsAFtKmjliPKvWHGivZqa0H9Vy0p 0iSrqgJD7WRsPgTPCm4qFpP/BdoGEfascIqAKDO9f2CZe/fplX0= =uyW9 -----END PGP SIGNATURE----- --=-SIw+urFL1YET49g6muRr-- From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 19 06:39:54 2021 Received: (at 47228) by debbugs.gnu.org; 19 Mar 2021 10:39:54 +0000 Received: from localhost ([127.0.0.1]:48909 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lNCXp-0007Ht-Og for submit@debbugs.gnu.org; Fri, 19 Mar 2021 06:39:54 -0400 Received: from eggs.gnu.org ([209.51.188.92]:60482) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lNCXo-0007Hg-23 for 47228@debbugs.gnu.org; Fri, 19 Mar 2021 06:39:52 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:53405) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lNCXi-0007wn-HC; Fri, 19 Mar 2021 06:39:46 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=57496 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lNCXh-00035e-Ro; Fri, 19 Mar 2021 06:39:46 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: =?utf-8?Q?L=C3=A9o?= Le Bouter Subject: Re: bug#47228: Check binary consistency after grafting with e.g. ldd References: <22d6fde28a4646254061f56c342fb75d2a2846d9.camel@zaclys.net> <878s6kpoon.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 29 =?utf-8?Q?Vent=C3=B4se?= an 229 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 19 Mar 2021 11:39:44 +0100 In-Reply-To: (=?utf-8?Q?=22L=C3=A9o?= Le Bouter"'s message of "Fri, 19 Mar 2021 09:58:55 +0100") Message-ID: <87sg4rfmvj.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 47228 Cc: 47228@debbugs.gnu.org, Leo Famulari X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi, L=C3=A9o Le Bouter skribis: > On Thu, 2021-03-18 at 14:38 +0100, Ludovic Court=C3=A8s wrote: >> I don=E2=80=99t think all the testing that needs to be done when graftin= g can >> be >> automated. > > Not all but part of it? Not even sure; at least I don=E2=80=99t have any ideas. >> In particular, packagers who want to introduce a replacement for a >> library should use libabigail=E2=80=99s =E2=80=98abi-diff=E2=80=99 tool = to check that the >> package and its replacement are ABI-compatible. It=E2=80=99s also a good >> idea >> to make some quick manual tests. > > That's great! Maybe we can have some quick tooling to in GNU Guix to > aid that? Again it=E2=80=99s on a case-by-case basis, it depends on what you=E2=80=99= re grafting, so I wouldn=E2=80=99t know how to do that. Perhaps a first step would be consolidate this =E2=80=9Cinsider knowledge= =E2=80=9D about security updates and grafts into a check list. >> The .so file symlinks in >> < >> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3D2e0ff59f0cd836b1= 56f1ef2e78791d864ce3cfcd >> > >> look very scary to me. To me, it=E2=80=99s likely to hide the ABI >> incompatibility issue rather than =E2=80=9Cfix=E2=80=9D it. > > :-/ Yes it is scary, we were having an user with an Inkscape issue on > IRC and this commit fixed it for them and they could work without an > issue though, we were discussing with rekado and rekado suggested we > cheat like this and I've done it, the only alternative we have is > porting/applying all patches to our version by digging commit history > (with always the doubt of adding an incomplete fix which is likely if > we have to dig commit history manually). It=E2=80=99s the kind of patch that should be reviewed before it gets in. In this case, review will have to happen after the fact, but it still has to happen IMO. I=E2=80=99d prefer not to do it myself; perhaps Leo F. = can take a look? > If nobody can put time to dig patches for all individuals CVEs until we > ungraft then I'd rather have this scary commit in. Security is a spectrum; we=E2=80=99ll never close all CVEs. :-) Security issues often call for quick reaction, but to me that doesn=E2=80= =99t mean we should dismiss our practices and workflow, in particular peer review. Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 30 02:50:34 2021 Received: (at control) by debbugs.gnu.org; 30 Mar 2021 06:50:34 +0000 Received: from localhost ([127.0.0.1]:50209 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lR8Cw-0007v9-I2 for submit@debbugs.gnu.org; Tue, 30 Mar 2021 02:50:34 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35162) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lR8Cu-0007ut-Q9 for control@debbugs.gnu.org; Tue, 30 Mar 2021 02:50:33 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60788) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lR8Cp-0006Sk-Ih for control@debbugs.gnu.org; Tue, 30 Mar 2021 02:50:27 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=52078 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lR8Cl-00012X-RI for control@debbugs.gnu.org; Tue, 30 Mar 2021 02:50:25 -0400 Date: Tue, 30 Mar 2021 08:50:17 +0200 Message-Id: <87czvhkudy.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #47228 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) tags 47228 notabug close 47228 quit From unknown Wed Sep 10 21:37:01 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 27 Apr 2021 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator