From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id mNePCuI+Q2brXwAAe85BDQ:P1 (envelope-from ) for ; Tue, 14 May 2024 12:37:22 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id mNePCuI+Q2brXwAAe85BDQ (envelope-from ) for ; Tue, 14 May 2024 12:37:22 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=pelzflorian.de header.s=key2 header.b=j7iAKnBa; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1715683042; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=q6Urn9yXNOFrWFqw2FOM2fl/JBPEqcDDBgn6Tjjxiqg=; b=lcivfDSj2XwbrC3svwtHd3Pl8RPQ1pNDV2TP10PiHzg1yDXqAU0emI5LwgXxoOCyFhveGp 5/b2h/TGgTBUsmG/WCya2u2qRVZMVQeJZWf6E5ufJ5g74eMrmTwdzS9lA6rtvDWhMQAGqZ aK9nKwq9CED89RqPx4xrcAuYmKUfXBrTLHTbMZjCvAVXLH+GHXAef7H7u71Wl+UCbiR9Uc nsNgN7gxSsf0s7EGaE0i5XxoHbv4iAihTYbJgStFfjw7VXVv7vCsbkjrMrVQeoJUNLbCC0 8Km+iY+cUuIzL8W8L4t8twck8y2Oi5Mcg5AR6pUhmQYB8chIThHqXL/Ynv9fkw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1715683042; a=rsa-sha256; cv=none; b=F7cGnyIa5XhOdk0WLrOJgxwInn+fVR9t82rLvnDrrJmPKVOPLBmUsFjGN0iKjF97M/HX3L 4bmAScF+6h23CZAfVkuCVU7quxusU8w/CHRTQPifixOEM4urGorvMNJk88GSH1G/DqXvb4 IyDJX26a0VCwKq8s6v6egLr1VJWxCYSaoE4Kcvr+D9Z61uAvF/6hVa5eT++3nnnCArfFtd lBECEJ7KeHB2y3NtdVVn6SyGAmg+Notes3TFsbDffGAO4nDQO5/WIqES9KWwcHUJ0cMWfh qx0UaehfvvXiIjuTPBrYCtTrE6HhDeWvliYBK4Bm7kUqvRIaS0nMWce6QQz4mw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=pelzflorian.de header.s=key2 header.b=j7iAKnBa; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B56E57BED for ; Tue, 14 May 2024 12:37:21 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1s6pWq-00028c-EJ; Tue, 14 May 2024 06:37:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s6pWn-00028I-Va for bug-guix@gnu.org; Tue, 14 May 2024 06:37:02 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1s6pWn-0008Td-8H for bug-guix@gnu.org; Tue, 14 May 2024 06:37:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1s6pWo-0005xb-1b for bug-guix@gnu.org; Tue, 14 May 2024 06:37:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#70663: nss@3.99 is really hard to build Resent-From: "pelzflorian (Florian Pelz)" Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 14 May 2024 10:37:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70663 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Christopher Baines Cc: 70663@debbugs.gnu.org, Maxim Cournoyer , Ian Eure Received: via spool by 70663-submit@debbugs.gnu.org id=B70663.171568299722861 (code B ref 70663); Tue, 14 May 2024 10:37:02 +0000 Received: (at 70663) by debbugs.gnu.org; 14 May 2024 10:36:37 +0000 Received: from localhost ([127.0.0.1]:38506 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6pWP-0005wd-Fw for submit@debbugs.gnu.org; Tue, 14 May 2024 06:36:37 -0400 Received: from relay.yourmailgateway.de ([194.59.206.189]:60455) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6pWI-0005wJ-Bx for 70663@debbugs.gnu.org; Tue, 14 May 2024 06:36:35 -0400 Received: from relay02-mors.netcup.net (localhost [127.0.0.1]) by relay02-mors.netcup.net (Postfix) with ESMTPS id 4Vdt7Z5l43z45QM; Tue, 14 May 2024 12:36:26 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pelzflorian.de; s=key2; t=1715682986; bh=HauXyJUUTHKyV/PICQYYrTsdGnL4lmks85y3+Vgjbq0=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=j7iAKnBakUZJSfokZaDaHLCxNDK+BkktKPpquRdaAIyTknLE7+ciEm8gW59dTxXLU az87JtSrD/EH5TGO1mQROBWmbbC6Det7ou1kEAOzcCQuBtr9j15BIuyj6h/PTCJNQx IQCeeCSEKSzxQK7xdiD+JIV3dq8VoniSIyTpOJe9dgeg8L1yuFI3p6U7tNnJzqr1Mu Qz7/JnuZw92pT0KIalOWB2+HZcE0J5Vi6T0mO9zeSoh7XHj9n8ctE3jZPNE6L7Ry1E lHmddJNpPCZiWkD9sd2qxENyH2NBXzJ61o3Yyg7Dk1NayV/txoWgfJTW98jQZnoP0S /TZvIM0aLCpCQ== Received: from policy02-mors.netcup.net (unknown [46.38.225.35]) by relay02-mors.netcup.net (Postfix) with ESMTPS id 4Vdt7Z5MWMz7wy4; Tue, 14 May 2024 12:36:26 +0200 (CEST) Received: from mxe217.netcup.net (unknown [10.243.12.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by policy02-mors.netcup.net (Postfix) with ESMTPS id 4Vdt7Z20Hkz8sbC; Tue, 14 May 2024 12:36:26 +0200 (CEST) Received: from florianrock64 (ipb2186896.dynamic.kabel-deutschland.de [178.24.104.150]) by mxe217.netcup.net (Postfix) with ESMTPSA id EAC2C83D60; Tue, 14 May 2024 12:36:18 +0200 (CEST) From: "pelzflorian (Florian Pelz)" In-Reply-To: <87o798zrtz.fsf@cbaines.net> (Christopher Baines's message of "Tue, 14 May 2024 10:05:28 +0100") References: <87plu7xla9.fsf@cbaines.net> <87o798zrtz.fsf@cbaines.net> Date: Tue, 14 May 2024 12:36:18 +0200 Message-ID: <87eda4vfx9.fsf@pelzflorian.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Rspamd-Queue-Id: EAC2C83D60 X-Rspamd-Server: rspamd-worker-8404 X-NC-CID: fkfcFg0HL0LC4S8jArCQA/M+kVD/otzXKpSgDkPPwtOYIyhKle5WZaN/ X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: bug-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: 0.63 X-Spam-Score: 0.63 X-Migadu-Queue-Id: B56E57BED X-Migadu-Scanner: mx11.migadu.com X-TUID: FNALzoOlVOLM Hello Christopher. Christopher Baines writes: > Had the changes waited for longer, then these failures should have been > spotted by QA, I would guess that the revision might have failed to be > processed, and if it was processed successfully, the nss failures should > have shown up, so maybe we should start requiring [5] that not only are > changes sent to guix-patches@gnu.org, but that QA processes them (to > some extent) before merging? > > 5: https://guix.gnu.org/manual/devel/en/html_node/Managing-Patches-and-Branches.html# Yes, though note that the nss change did provide security fixes: commit e584ff08b162c46ef587daca438e97d56bc20b32 Author: Maxim Cournoyer Date: Wed Apr 24 11:22:30 2024 -0400 gnu: nss: Graft with version 3.98 [security fixes]. This fixes CVE-2023-5388, CVE-2023-6135 and CVE-2024-0743. * gnu/packages/nss.scm (nss) [replacement]: New field. (nss-3.98): Rename variable to... (nss/fixed): ... this. Make it a hidden package. * gnu/packages/librewolf.scm (librewolf) [inputs]: Replace nss-3.98 with nss/fixed. Change-Id: I8cc667c53a270dfe00738bf731923f1342036624 I suppose the requirement to wait for QA should apply to security fixes as well? Thank you for all your work. Regards, Florian