From mboxrd@z Thu Jan  1 00:00:00 1970
From: Brice Waegeneire <brice@waegenei.re>
Subject: bug#40142: CVE checker return false positives
Date: Sat, 21 Mar 2020 16:57:33 +0000
Message-ID: <95d598f98f65efd7a5c89aaf52b80df1@waegenei.re>
References: <0bb3b7878b37095b4ed7fa49aee5936f@waegenei.re>
 <87sgi1znd8.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 8bit
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:52590)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jFhRj-0005uC-31
 for bug-guix@gnu.org; Sat, 21 Mar 2020 12:58:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jFhRi-0006hV-5r
 for bug-guix@gnu.org; Sat, 21 Mar 2020 12:58:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:41941)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jFhRi-0006hR-2o
 for bug-guix@gnu.org; Sat, 21 Mar 2020 12:58:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jFhRi-0007T5-2l
 for bug-guix@gnu.org; Sat, 21 Mar 2020 12:58:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.40142.B40142.158480986328682@debbugs.gnu.org>
In-Reply-To: <87sgi1znd8.fsf@gnu.org>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 40142@debbugs.gnu.org

Hello,

On 2020-03-21 16:25, Ludovic Courtès wrote:
> Probably the fix would be to preserve the vendor part in the API and to
> somehow use it meaningfully.
> 
> Ideas & patches welcome!

I'll see what I can write a patch to fix it then.

>> Also note the missing / on the first line and it output on `stderr'
>> instead of `stdout'.
> 
> What do you mean?

I misunderstood the meaning of “gnu/packages/version-control.scm:149:2:”
and thought there was a missing / before “gnu/”; this is irrelevant. 
About
the output stream of “guix lint” I think it should output to `stdout', 
not
`stderr' as it's currently the case.

Brice.