GNU bug report logs - #48304
[PATCH] gnu: expat: Update via graft.

Previous Next

Package: guix-patches;

Reported by: Leo Prikler <leo.prikler <at> student.tugraz.at>

Date: Sat, 8 May 2021 23:29:01 UTC

Severity: normal

Tags: patch, security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: Leo Prikler <leo.prikler <at> student.tugraz.at>
Cc: 48304 <at> debbugs.gnu.org, Maxime Devos <maximedevos <at> telenet.be>
Subject: [bug#48304] [PATCH] gnu: expat: Update via graft.
Date: Sun, 9 May 2021 11:22:54 -0400

On Sun, May 09, 2021 at 04:37:39PM +0200, Leo Prikler wrote:
> Indeed, the mail they dropped over at guix-devel made it seem as though
> not being on 2.3.0 was a security risk already.  The ChangeLog does
> mention some items worth fuzzing over.

In general, all updates are security updates. But we shouldn't / can't
update all core packages with grafts just because. Grafting is a kludge
that doesn't always work as expected (and the problems are hidden), and
it has a high I/O performance cost.

So, let's wait for a security advisory.

This bug report was last modified 3 years and 356 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #48304 [PATCH] gnu: expat: Update via graft.

GNU bug report logs - #48304
[PATCH] gnu: expat: Update via graft.