On Thu, Aug 31, 2017 at 11:52:25PM +0200, Marius Bakke wrote:
> Leo Famulari <leo@famulari.name> writes:
> 
> > On Thu, Aug 31, 2017 at 09:52:49PM +0200, Marius Bakke wrote:
> >> Side note: I think we should start adding patches as origins instead of
> >> copying them wholesale, to try and keep the git repository slim.
> >
> > We should make a git-minimal package for things like this, or use
> > guile-git / libgit2. Git itself is a very "heavy" package.
> 
> No, I mean adding patches like this:
> 
> (define %CVE-1970-0001.patch
>   (origin
>     (method url-fetch)
>     (uri "https://example.com/CVE-2017-0001.patch")
>     (sha256
>      (base32
>       "12c60iwxyc3rj6ih06a1g80vmkf8khvhm44xr9va4h21b74v8f5k"))))
> 
> (package
>  (...
>   (patches (list (search-patch "guix-specific-stuff.patch")
>                  %CVE-1970-0001.patch)))
> 
> That only requires the built-in guix downloader.

Ah, that's much better than what I was thinking.