GNU bug report logs - #53119
[PATCH] gnu: reuse: Update to 0.14.0.

Previous Next

Package: guix-patches;

Reported by: Felix Gruber <felgru <at> posteo.net>

Date: Fri, 7 Jan 2022 18:10:02 UTC

Severity: normal

Tags: patch

Done: Nicolas Goaziou <mail <at> nicolasgoaziou.fr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Maxime Devos <maximedevos <at> telenet.be>
To: 53119 <at> debbugs.gnu.org
Cc: Felix Gruber <felgru <at> posteo.net>
Subject: [bug#53119] [PATCH] gnu: reuse: Update to 0.14.0.
Date: Sat, 08 Jan 2022 23:19:57 +0000

[Message part 1 (text/plain, inline)]
User: guix
Usertags: reviewed looks-good

(I'm experimenting with usertags)

Hi,

I verified the following:

 * [x] it builds reproducibly on my machine (a x86_64) (using --
rounds=2)

   $ guix hash --serializer=nar /gnu/store/ygjym1j7w9ds6siw11jy0c9dn8rkpmgf-reuse-0.14.0 
   > 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6

   If you have x86_64, please check if you have the same result!

 * [x] When I do "./pre-inst-env guix refresh -u reuse", I end up with
       the same version and base32 as in your patch, so no ‘Tricking peer
       review’-style issue seems to have happened .

       Ignoring uid and file name prefix differences, the tarball from pypi
       and https://github.com/fsfe/reuse-tool/archive/refs/tags/v0.14.0.tar.gz
       are the same (using diffoscope), so no pypi compromise appears to have
       happened.

 * [x] The diff between the old and new version (using diffoscope) seems reasonable,
       no malware appears to have crept in.

 * [x] no dependents (using guix refresh -l), so no world-rebuild issues.

Seems ok to apply to me!

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 191 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.