unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Re: A "cosmetic changes" commit that removes security fixes
@ 2021-04-22  0:58 Raghav Gururajan
  2021-04-22  2:41 ` Mark H Weaver
  0 siblings, 1 reply; 96+ messages in thread
From: Raghav Gururajan @ 2021-04-22  0:58 UTC (permalink / raw)
  To: Guix Devel
  Cc: mhw, Tobias Geerinckx-Rice, Leo Prikler, Leo Famulari,
	Léo Le Bouter


[-- Attachment #1.1: Type: text/plain, Size: 1758 bytes --]

Hi Mark!

> Raghav Gururajan has pushed another misleading "cosmetic changes"
> commit.

When you brought-up the concern 
(https://lists.gnu.org/archive/html/guix-devel/2020-12/msg00008.html), 
which I am grateful for, I have worked myself to prevent that from 
happening. It was so hard for me provided that I suffer from OCD 
(clinically-diagnosed and being treated for). I never made single "Make 
cosmetic changes" patches after that discussion. These two patches you 
are referring to, was made even before our discussion, as a part of 
wip-desktop work. The patches were pushed to core-updates as a part of 
#42958. Also, during review, I clearly stated about these two cosmetic 
changes patches, in this message (https://issues.guix.gnu.org/42958#64).

> This one is *far* worse than the examples I gave before.
> This one removes the security fixes for CVE-2018-19876 and
> cairo-CVE-2020-35492 that I had applied in commit
> bc16eacc99e801ac30cbe2aa649a2be3ca5c102a.

The commit is not new. I cherry-picked from core-updates 
(993de472ed3dfe90e1c4110b6b910c1f74d243ff), which was pushed as a part 
of #42958.

> Behold, Raghav's "cosmetic changes" to our 'cairo' package:
The commit is also not new. I cherry-picked from core-updates 
(f94cdc86f644984ca83164d40b17e7eed6e22091), which was pushed as a part 
of #42958.

NOTE:
When I format-patched these patches, initially (42958), did not contain 
changes to remove CVE. IIRC, when Leo and I were working outside of 
savannah, this change was probably added when we updated glib to latest 
version.

> With this in mind, does anyone else find it worrisome that Raghav has
> commit access?

I wish you had given me the benefit of the doubt.

Regards,
RG.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]

^ permalink raw reply	[flat|nested] 96+ messages in thread

end of thread, other threads:[~2021-05-06 17:25 UTC | newest]

Thread overview: 96+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-04-22  0:58 A "cosmetic changes" commit that removes security fixes Raghav Gururajan
2021-04-22  2:41 ` Mark H Weaver
2021-04-22  3:17   ` Raghav Gururajan
2021-04-22  4:05     ` Raghav Gururajan
2021-04-22  4:33       ` Mark H Weaver
2021-04-22  5:02         ` Raghav Gururajan
2021-04-22 17:21       ` Mark H Weaver
2021-04-22 17:40         ` Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes) Mark H Weaver
2021-04-22 20:06           ` Léo Le Bouter
2021-04-22 21:24             ` Ricardo Wurmus
2021-04-22 21:33             ` Mark H Weaver
2021-04-26 17:17               ` Ludovic Courtès
2021-04-28 16:43                 ` Criticisms of my "tone" " Mark H Weaver
2021-04-28 17:55                   ` Leo Famulari
2021-04-28 20:24                     ` Pjotr Prins
2021-04-29  6:54                       ` Joshua Branson
2021-04-29  9:26                   ` Léo Le Bouter
2021-04-29 15:30                     ` Matias Jose Seco Baccanelli
2021-04-30  0:57                   ` aviva
2021-05-01 17:02                   ` Giovanni Biscuolo
2021-05-01 20:07                     ` Leo Prikler
2021-05-01 22:12                       ` Mark H Weaver
2021-05-01 22:54                         ` Mark H Weaver
2021-05-01 23:15                         ` Leo Prikler
2021-05-02  3:13                           ` Mark H Weaver
2021-05-02 10:31                             ` Leo Prikler
2021-05-03  9:00                               ` Mark H Weaver
2021-05-03  9:59                                 ` Leo Prikler
2021-05-03 17:00                                   ` Mark H Weaver
2021-05-02  4:17                           ` 宋文武
2021-05-02  4:31                             ` Leo Famulari
2021-05-02  6:26                               ` 宋文武
2021-05-02 15:01                             ` Leo Prikler
2021-05-02 19:29                               ` Mark H Weaver
2021-05-02 20:09                                 ` Leo Prikler
2021-05-02 21:02                                   ` Mark H Weaver
2021-05-02 21:58                                     ` Leo Prikler
2021-05-02 20:59                                 ` Ludovic Courtès
2021-05-02 21:23                                   ` Mark H Weaver
     [not found]                           ` <87czu9sr9k.fsf@outlook.com>
2021-05-02  4:33                             ` 宋文武
2021-04-22 21:51             ` Another misleading commit log " Ludovic Courtès
2021-04-22 21:49         ` A "cosmetic changes" commit that removes security fixes Raghav Gururajan
2021-04-24  8:09           ` Mark H Weaver
2021-04-30  0:58             ` aviva
2021-04-22 18:37       ` Leo Famulari
2021-04-22 18:48         ` Mark H Weaver
2021-04-22 21:50         ` Raghav Gururajan
2021-04-22  4:08     ` Mark H Weaver
2021-04-22 11:39       ` 宋文武
2021-04-22 13:28         ` Mark H Weaver
2021-04-22 20:01       ` Léo Le Bouter
2021-04-22 21:08         ` Christopher Baines
2021-04-22 21:09         ` Leo Prikler
2021-04-22 21:21         ` Mark H Weaver
2021-04-23 17:52           ` Maxim Cournoyer
2021-04-23 18:00             ` Raghav Gururajan
2021-04-23 18:38               ` Maxim Cournoyer
2021-04-23 22:06                 ` Raghav Gururajan
2021-04-23 18:50             ` Léo Le Bouter
2021-04-23 19:15               ` Leo Prikler
2021-04-23 19:18               ` Leo Famulari
2021-04-23 19:33                 ` Léo Le Bouter
2021-04-23 20:12                   ` Leo Famulari
2021-04-26 17:06                     ` Giovanni Biscuolo
2021-04-26 17:32                       ` Leo Famulari
2021-04-26 21:56                         ` Giovanni Biscuolo
2021-04-26 23:01                           ` Leo Famulari
2021-04-24  7:46                   ` Mark H Weaver
2021-04-26 14:59                     ` Léo Le Bouter
2021-04-26 15:23                       ` Tobias Geerinckx-Rice
2021-04-26 17:21                         ` Ludovic Courtès
2021-04-26 20:07                           ` Pjotr Prins
2021-04-26 17:46                         ` Léo Le Bouter
2021-04-28 15:52                           ` Marius Bakke
2021-04-29  9:13                             ` Léo Le Bouter
2021-04-29 11:46                               ` Leo Prikler
2021-04-29 11:57                                 ` Léo Le Bouter
2021-04-29 11:41                             ` Arun Isaac
2021-04-29 12:44                               ` Pierre Neidhardt
2021-04-29 14:14                                 ` Pjotr Prins
2021-04-30 17:40                                   ` Pierre Neidhardt
2021-04-30 19:56                                     ` Pjotr Prins
2021-05-01  7:23                                       ` Arun Isaac
2021-05-01 12:40                                         ` Pjotr Prins
2021-05-01  9:15                                       ` Pierre Neidhardt
2021-05-01 10:18                                         ` Yasuaki Kudo
2021-05-03  7:18                                           ` Pierre Neidhardt
2021-05-01 14:50                                     ` Giovanni Biscuolo
2021-05-03  7:25                                       ` Pierre Neidhardt
2021-05-04  2:18                                         ` Bengt Richter
2021-05-04  6:55                                           ` Pierre Neidhardt
2021-05-04 15:43                                             ` Ludovic Courtès
2021-05-06 17:18                                               ` Pierre Neidhardt
2021-04-29 16:21                               ` Arun Isaac
2021-04-26 19:31                 ` Léo Le Bouter
2021-04-27 18:10                   ` Andreas Enge

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).