From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Attila Lendvai Newsgroups: gmane.lisp.guile.devel Subject: Re: The Guile junk drawer and a C plea Date: Thu, 18 Jul 2024 09:04:08 +0000 Message-ID: References: <20240629002027.13853-1-richard@freakingpenguin.com> <87h6co21qv.fsf@laura> <87r0bsxpoe.fsf@web.de> <4d9d9c2e-0830-4267-b8e5-1a50cb815508@msavoritias.me> <0ca709eb-5d14-4ce7-a27e-3b7367bde44d@lassi.io> <877cdk10s6.fsf@laura> <87bk2vyd29.fsf@web.de> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="9526"; mail-complaints-to="usenet@ciao.gmane.io" Cc: "tomas@tuxteam.de" , Olivier Dion , Lassi Kortela , Msavoritias , "guile-devel@gnu.org" To: "arne_bab@web.de" Original-X-From: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Thu Jul 18 11:04:57 2024 Return-path: Envelope-to: guile-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1sUN4K-0001x4-Fn for guile-devel@m.gmane-mx.org; Thu, 18 Jul 2024 11:04:56 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sUN46-0003Op-S5; Thu, 18 Jul 2024 05:04:42 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sUN3o-0002SC-WE for guile-devel@gnu.org; Thu, 18 Jul 2024 05:04:26 -0400 Original-Received: from mail-4317.proton.ch ([185.70.43.17]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sUN3m-00053R-26 for guile-devel@gnu.org; Thu, 18 Jul 2024 05:04:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail2; t=1721293458; x=1721552658; bh=2aMYIlnhv0zarBL0Ibc2QzPbgTneOcIXUg2OrAAWU1c=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=bI6seIVV7qBu7PR6N1c/xP17guClV4xj+Ji9fpAa2PqIsvBc+srpLTdCbyR6PC9SI nEk2nqBy2hlG9CoSPj6u05AxGxgp0xaLIOfEG66GVwlI2wRlJkrnfeX8Mv9oX4oTof 2kl+Onth44LHlojIzweYJezNzNskacrpBtrrFf5tbGpkml1wcovDsMbT1FTv+jDpg8 xo0t/lDjuANZ8/WNARA+S7rcaskE+NvPXsyBILYr8AsGrXkX5HacR4/dntUL5XqCZ/ 7CbTmqyZUW2Oz8UhYpQRAbvUeU9IKZJ4iImNtdWnSQbo7W6w1G2vIBFHVQ6/0WgQah CtlAvTn6SxQpQ== In-Reply-To: <87bk2vyd29.fsf@web.de> Feedback-ID: 28384833:user:proton X-Pm-Message-ID: dd1af0d40f1ab9074eea93ec0496fea933cf10b5 Received-SPF: pass client-ip=185.70.43.17; envelope-from=attila@lendvai.name; helo=mail-4317.proton.ch X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Original-Sender: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.lisp.guile.devel:22584 Archived-At: > > IOW, if you don't want changes in your dependencies, then just don't u= pdate them. > =20 > This does not work. > =20 > You often have to update dependencies for security reasons. Got a new > gnutls or openssl or openssh with new cyphers you need to have a working > program =E2=80=94 will Guile 3 get updated to support them or will you b= e forced > to migrate to Guile 4 to keep your tool working? fork off guile 3 into a branch, and backport those precious few security is= sues that you are suggesting will pop up. and if backporting any of the fixes is too much burden, then add a warning = and leave it unpatched. it's not about destroying anything. it's about keeping engineering debt low= , so that the invested human effort continues to give good yields. or in short: it's possible to end up in an inadequate state by erring in bo= th directions (i.e. too much reluctance for cleanup, and too much egerness = for cleanup).