From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: Mark H Weaver <mhw@netris.org>, Leo Famulari <leo@famulari.name>,
Vivien Kraus <vivien@planete-kraus.eu>,
47144@debbugs.gnu.org
Subject: bug#47144: [PATCH 3/3] gnu: patch: Graft to latest commit [security fixes].
Date: Sat, 01 Jun 2024 11:02:49 -0400 [thread overview]
Message-ID: <875xusln8m.fsf@gmail.com> (raw)
In-Reply-To: <87r0dgn36w.fsf@gnu.org> ("Ludovic Courtès"'s message of "Sat, 01 Jun 2024 16:32:55 +0200")
Hi Ludovic,
Ludovic Courtès <ludo@gnu.org> writes:
> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> (define-public patch
>> (package
>> + (replacement patch/fixed)
>
> Unless I’m mistaken, this will have practically no effect because Patch
> is a build-time-only dependency.
>
> My recommendation would be to not add a ‘replacement’ field at all.
> Instead, you could add a new ‘patch/latest’ public variable pointing to
> that commit that you picked. That way, users running ‘guix install
> patch’ or similar will get the latest version of Patch.
I see what you mean, but for all practical purposes, using a graft seems
a more thorough (because it affects the original 'patch' *variable* as
well) means that have the same effect for users, so I'd seems like a
slightly better option to me.
So e.g. someone using the Guix API referencing exactly to the 'patch'
package variable would get a secure version, but would otherwise need to
know to adjust their code to use 'patch/latest'.
Does that make sense?
--
Thanks,
Maxim
next prev parent reply other threads:[~2024-06-01 15:05 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <6d01d537754ce50b10035903d8e7d205699c4b39.camel@zaclys.net>
2021-03-14 21:37 ` bug#47144: security patching of 'patch' package Mark H Weaver
2021-03-15 18:26 ` bug#47144: [PATCH 0/1] gnu: patch: Update to 2.7.6-7623b2d [security fixes] Léo Le Bouter via Bug reports for GNU Guix
2021-03-15 18:26 ` bug#47144: [PATCH 1/1] " Léo Le Bouter via Bug reports for GNU Guix
2021-03-18 21:58 ` Ludovic Courtès
2022-03-23 3:03 ` bug#47144: security patching of 'patch' package Maxim Cournoyer
2021-04-14 21:54 ` Leo Famulari
2024-05-31 2:59 ` bug#47144: [PATCH 1/3] gnu: ucd: Update to 15.1.0 Maxim Cournoyer
2024-05-31 2:59 ` bug#47144: [PATCH 2/3] gnu: gnulib: Update to 2024-05-30-1.ac4b301 Maxim Cournoyer
2024-05-31 2:59 ` bug#47144: [PATCH 3/3] gnu: patch: Graft to latest commit [security fixes] Maxim Cournoyer
2024-05-31 16:13 ` Simon Tournier
2024-06-01 1:49 ` Maxim Cournoyer
2024-06-04 15:39 ` Simon Tournier
2024-06-05 1:08 ` Maxim Cournoyer
2024-06-01 11:34 ` Maxim Cournoyer
2024-06-01 14:32 ` Ludovic Courtès
2024-06-01 15:02 ` Maxim Cournoyer [this message]
2024-06-05 16:04 ` bug#47144: security patching of 'patch' package Ludovic Courtès
2024-06-05 16:44 ` Simon Tournier
2024-06-06 0:49 ` Maxim Cournoyer
2024-06-01 12:56 ` bug#47144: [PATCH v2 1/3] gnu: ucd: Update to 15.1.0 Maxim Cournoyer
2024-06-01 12:56 ` bug#47144: [PATCH v2 2/3] gnu: gnulib: Update to 2024-05-30-1.ac4b301 Maxim Cournoyer
2024-06-01 12:56 ` bug#47144: [PATCH v2 3/3] gnu: patch: Graft to latest commit [security fixes] Maxim Cournoyer
2024-06-05 1:24 ` bug#47144: [PATCH v3 1/3] gnu: ucd: Update to 15.1.0 Maxim Cournoyer
2024-06-05 1:24 ` bug#47144: [PATCH v3 2/3] gnu: gnulib: Update to 2024-05-30-1.ac4b301 Maxim Cournoyer
2024-06-05 1:24 ` bug#47144: [PATCH v3 3/3] gnu: patch: Graft to latest commit [security fixes] Maxim Cournoyer
2024-06-06 0:46 ` bug#47144: [PATCH v4 1/3] gnu: ucd: Update to 15.1.0 Maxim Cournoyer
2024-06-06 0:46 ` bug#47144: [PATCH v4 2/3] gnu: gnulib: Update to 2024-05-30-1.ac4b301 Maxim Cournoyer
2024-06-06 0:46 ` bug#47144: [PATCH v4 3/3] gnu: patch: Update to latest commit [security fixes] Maxim Cournoyer
2024-06-24 4:43 ` bug#47144: security patching of 'patch' package Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875xusln8m.fsf@gmail.com \
--to=maxim.cournoyer@gmail.com \
--cc=47144@debbugs.gnu.org \
--cc=leo@famulari.name \
--cc=ludo@gnu.org \
--cc=mhw@netris.org \
--cc=vivien@planete-kraus.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).