From: zimoun <zimon.toutoune@gmail.com>
To: "Léo Le Bouter" <lle-bout@zaclys.net>
Cc: guix-devel@gnu.org
Subject: Re: Why [bug#47081] Remove mongodb?
Date: Wed, 17 Mar 2021 22:24:09 +0100
Message-ID: <86lfalv5hi.fsf@gmail.com>
In-Reply-To: <cfbaa5479375073fcb2a9c55f3a2db61b4ab0138.camel@zaclys.net>

On Wed, 17 Mar 2021 at 20:11, Léo Le Bouter <lle-bout@zaclys.net> wrote:
> On Wed, 2021-03-17 at 19:51 +0100, zimoun wrote:
>> It shows exactly my point. The correct and polite way of doing the
>> thing is first to examine the issue at hand (3.4.10 is old with
>> security vulnerabilities), then propose a fix (e.g., the removal),
>> wait for feedback, and complete.
>
> Actually we did not know pushing a security fix with 3.4.24 was not
> fine, from quick auditing I have made 3.4.24 would still be under AGPL
> so it would be fine to upgrade, turns out not since some files inside
> are under SSPL but that was discovered way later, even when Efraim had

Later means here only hours.

> doubt and reverted my commit we had a debate and Efraim bought my
> arguing even though I was wrong and they were right, if for every
> security issue I have to ask feedback I may not ship them in a timely
> manner, so that's also why they tend to be pushed faster than usual..

Haste is not speed.

> we may want to establish a clear process here. I usually create issues
> for things I need help on, if I can do it myself and feel confident, I
> just push, I can be wrong of course and always sorry for issues, I fix
> them shortly in next commits if any.

I really appreciate your valuable work. I have the impression you think
that you have to push as fast as you can, regardless of whether it is the
right fix. If I might: first, please avoid burning out, and second, do not
worry, the world will not explode because of a security vulnerability in
Guix. Maybe one day when Guix will dominate the world, soon! :-)

I am not convinced that the regular Guix user is upgrading their package
set twice a day; maybe once a week at best and more probably from time to
time. Guix is rooted in The Right Thing™ and sometimes it means a delay
to think about what the right thing really is. Therefore, the process is
already clear: go via guix-patch for non-trivial changes and wait for
feedback.

At the end, I cannot express better what Tobias wrote:

<https://yhetil.org/guix/87ft0un7ma.fsf@nckx>

or Leo:

<https://yhetil.org/guix/YFEDt/PUd2ZeC6/F@jasmine.lan>

All the best,
simon