GNU bug report logs - #71832
[PATCH v5 0/3] [SECURITY] Add nss-rapid; update Librewolf to 128.0.3-1

Previous Next

Package: guix-patches;

Reported by: Ian Eure <ian <at> retrospec.tv>

Date: Sat, 29 Jun 2024 03:58:01 UTC

Severity: normal

Tags: patch

Done: Vagrant Cascadian <vagrant <at> debian.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Vagrant Cascadian <vagrant <at> debian.org>
To: Ian Eure <ian <at> retrospec.tv>
Cc: 71832 <at> debbugs.gnu.org, guix-security <at> gnu.org
Subject: [bug#71832] [PATCH v6 2/3] gnu: Add nss-rapid.
Date: Sat, 17 Aug 2024 20:38:09 -0700

[Message part 1 (text/plain, inline)]
On 2024-08-17, Ian Eure wrote:
> diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
> index 9224a8ed5a..1a684e6146 100644
> --- a/gnu/packages/nss.scm
> +++ b/gnu/packages/nss.scm
...
> +;; nss should track ESRs, but currently doesn't.  3.102.1 is the current ESR.
> +
>  (define-public nss
>    (package
>      (name "nss")

Though I largely agree with the logic (e.g. nss *should* probably be
packaging ESR versions in general)... it seems a little weird to include
a comment about what the packaging for nss *should* do, even though it
is not (yet) doing it... similar with embedding a specific "current"
version, which will obviously become inaccurate before too long...

Alternately, maybe moving the comment to where the nss version is
actually defined; to give someone pause when considering updating the
version?

Or maybe this belongs in a separate discussion on guix-devel and/or bug?


> +;; nss-rapid tracks the rapid release channel.  Unless your package requires a
> +;; newer version, you should prefer the `nss' package, which tracks the ESR
> +;; channel.
> +;;
> +;; See https://wiki.mozilla.org/NSS:Release_Versions
> +;; and https://wiki.mozilla.org/Rapid_Release_Model
> +
> +(define-public nss-rapid

Mixed feelings on rapid vs. latest ... latest is a bit more consistent
with other guix packages, though "rapid" is the terminology that
upstream uses here.


Both those points are, in my opinion, quite minor; I would not want to
block on those points alone!


live well,
  vagrant

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 277 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.