From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Attila Lendvai <attila@lendvai.name>
Newsgroups: gmane.lisp.guile.devel
Subject: Re: The Guile junk drawer and a C plea
Date: Thu, 18 Jul 2024 09:04:08 +0000
Message-ID: <aFD3Ku07tS1Eu8Cp7NBCRSB9c8X9OSJMTBkPdxkjGY5xGTKJOHgz0T6Qb8LkccNoJDGX7078zf1vlaFlaBGCW292MbxZYOmQBISHPY2AjoI=@lendvai.name>
References: <20240629002027.13853-1-richard@freakingpenguin.com>
 <87h6co21qv.fsf@laura> <87r0bsxpoe.fsf@web.de>
 <4d9d9c2e-0830-4267-b8e5-1a50cb815508@msavoritias.me>
 <0ca709eb-5d14-4ce7-a27e-3b7367bde44d@lassi.io> <877cdk10s6.fsf@laura>
 <ZpfsuOlWrohEJA71@tuxteam.de>
 <Ep63BNANesrpirIKEAn3vg1k1ODr5d5RN7qp_O9x0gjrGM8EiMc5frYfQHMBeGwT7KwkL-C54rZhAhxai4RhbiSlRXG4JWubNNDpMXDLSYM=@lendvai.name>
 <87bk2vyd29.fsf@web.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="9526"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: "tomas@tuxteam.de" <tomas@tuxteam.de>,
 Olivier Dion <olivier.dion@polymtl.ca>, Lassi Kortela <lassi@lassi.io>,
 Msavoritias <email@msavoritias.me>,
 "guile-devel@gnu.org" <guile-devel@gnu.org>
To: "arne_bab@web.de" <arne_bab@web.de>
Original-X-From: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Thu Jul 18 11:04:57 2024
Return-path: <guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org>
Envelope-to: guile-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org>)
	id 1sUN4K-0001x4-Fn
	for guile-devel@m.gmane-mx.org; Thu, 18 Jul 2024 11:04:56 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guile-devel-bounces@gnu.org>)
	id 1sUN46-0003Op-S5; Thu, 18 Jul 2024 05:04:42 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <attila@lendvai.name>)
 id 1sUN3o-0002SC-WE
 for guile-devel@gnu.org; Thu, 18 Jul 2024 05:04:26 -0400
Original-Received: from mail-4317.proton.ch ([185.70.43.17])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <attila@lendvai.name>)
 id 1sUN3m-00053R-26
 for guile-devel@gnu.org; Thu, 18 Jul 2024 05:04:24 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name;
 s=protonmail2; t=1721293458; x=1721552658;
 bh=2aMYIlnhv0zarBL0Ibc2QzPbgTneOcIXUg2OrAAWU1c=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector;
 b=bI6seIVV7qBu7PR6N1c/xP17guClV4xj+Ji9fpAa2PqIsvBc+srpLTdCbyR6PC9SI
 nEk2nqBy2hlG9CoSPj6u05AxGxgp0xaLIOfEG66GVwlI2wRlJkrnfeX8Mv9oX4oTof
 2kl+Onth44LHlojIzweYJezNzNskacrpBtrrFf5tbGpkml1wcovDsMbT1FTv+jDpg8
 xo0t/lDjuANZ8/WNARA+S7rcaskE+NvPXsyBILYr8AsGrXkX5HacR4/dntUL5XqCZ/
 7CbTmqyZUW2Oz8UhYpQRAbvUeU9IKZJ4iImNtdWnSQbo7W6w1G2vIBFHVQ6/0WgQah
 CtlAvTn6SxQpQ==
In-Reply-To: <87bk2vyd29.fsf@web.de>
Feedback-ID: 28384833:user:proton
X-Pm-Message-ID: dd1af0d40f1ab9074eea93ec0496fea933cf10b5
Received-SPF: pass client-ip=185.70.43.17; envelope-from=attila@lendvai.name;
 helo=mail-4317.proton.ch
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guile-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Developers list for Guile,
 the GNU extensibility library" <guile-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guile-devel>,
 <mailto:guile-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guile-devel>
List-Post: <mailto:guile-devel@gnu.org>
List-Help: <mailto:guile-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guile-devel>,
 <mailto:guile-devel-request@gnu.org?subject=subscribe>
Errors-To: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org
Original-Sender: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.lisp.guile.devel:22584
Archived-At: <http://permalink.gmane.org/gmane.lisp.guile.devel/22584>

>  > IOW, if you don't want changes in your dependencies, then just don't u=
pdate them.
> =20
>  This does not work.
> =20
>  You often have to update dependencies for security reasons. Got a new
>  gnutls or openssl or openssh with new cyphers you need to have a working
>  program =E2=80=94 will Guile 3 get updated to support them or will you b=
e forced
>  to migrate to Guile 4 to keep your tool working?


fork off guile 3 into a branch, and backport those precious few security is=
sues that you are suggesting will pop up.

and if backporting any of the fixes is too much burden, then add a warning =
and leave it unpatched.

it's not about destroying anything. it's about keeping engineering debt low=
, so that the invested human effort continues to give good yields.

or in short: it's possible to end up in an inadequate state by erring in bo=
th directions (i.e. too much reluctance for cleanup, and too much egerness =
for cleanup).