Hi! Ludovic Courtès skribis: > In addition to the news entry that ‘guix pull’ will display, we may want > to publicize the issue. In particular, should we: > > 1. Apply for a new CVE? > > 2. Post an article on the blog to explain in detail what happened? > That should probably include an analysis like that at > , given > that Guix does things not entirely like Nix here. > > 3. Email that analysis to oss-security? > > 4. Push a new release? > > I’m tempted to think that we should do 1 to 3, as quickly as we can. > Help welcome, in particular on #2! Attached is a draft based on ‘etc/news.scm’. Let me know what you think! Ludo’.