From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Marusich Subject: Re: openssh vulnerability Date: Sat, 20 Oct 2018 13:17:48 -0700 Message-ID: <87o9bope37.fsf@gmail.com> References: <87efcp74ip.fsf@dustycloud.org> <87bm7ti3hd.fsf@gnu.org> <20181017054252.GA21802@jasmine.lan> <87woqgiuiv.fsf@dustycloud.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:56761) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gDxh9-0001X6-Rp for guix-devel@gnu.org; Sat, 20 Oct 2018 16:18:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gDxh5-0002hR-91 for guix-devel@gnu.org; Sat, 20 Oct 2018 16:17:59 -0400 Received: from mail-pf1-x436.google.com ([2607:f8b0:4864:20::436]:42666) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gDxh5-0002g0-0Y for guix-devel@gnu.org; Sat, 20 Oct 2018 16:17:55 -0400 Received: by mail-pf1-x436.google.com with SMTP id f26-v6so18007633pfn.9 for ; Sat, 20 Oct 2018 13:17:54 -0700 (PDT) In-Reply-To: <87woqgiuiv.fsf@dustycloud.org> (Christopher Lemmer Webber's message of "Wed, 17 Oct 2018 09:15:36 -0400") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Christopher Lemmer Webber Cc: Guix-devel --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Christopher Lemmer Webber writes: > Leo Famulari writes: > >> [...] >> >> Patch at > > Yay, thanks Leo! Thank you for the fix! It looks like this change (eed00f93e8999712191e39c59c15e23461520f43) went to master: =2D-8<---------------cut here---------------start------------->8--- $ git branch -a --contains eed00f93e8999712191e39c59c15e23461520f43 * (HEAD detached at 7d1f21c69) master remotes/origin/HEAD -> origin/master remotes/origin/master remotes/origin/wip-next-browser3 =2D-8<---------------cut here---------------end--------------->8--- Will this change trigger many rebuilds? It has many dependents: =2D-8<---------------cut here---------------start------------->8--- $ guix refresh -l libssh2 Building the following 1321 packages would ensure 3307 dependent packages are rebuilt: [...] =2D-8<---------------cut here---------------end--------------->8--- I looked into this email thread mainly because I was curious to see how we would apply the security update. I thought we would use grafts somehow, but this looks like we just changed the package definition on master, which will result in more rebuilds than usual - right? =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlvLjWwACgkQ3UCaFdgi Rp02XhAAzFObn5Cfke4VSysOKR75k0kL/9U1cquq89uxejTiVYcWm1xrjdA5fBLA dYepvefyhmnvPfrwlveZY3TSYYZ9r4YlsM5VNfkIrH11j5npSGrWXIkpXjMioZQO OB5Pt3LogcjL10poKhNWvhA4bxQpf6PTVd5yoHKA8QEDv+BSNnMrpVEMYQY72TAu 07KtjFoQCl7H3LAemrnSDcdNQ2eeB0BDn507GnFi8EMFLhgesVEtVKVq9pNEngYq xas6+vTscAObrzcLM8yYnTVgw3V7a/WoGVibKx1tF54QmPJQp+tzWi8uPcjDbrTV yqyGt0MUHW4IXGTbFWQ7DrR868ehFy7S00F/fvWPlb0H7mWadTYV9M/dnb40XmAj NoQBisywyCTvMXbP/JBjRsQ5jgs16dVc6Lat98zCFFHkyVsYpb3+GsSgK05pHiso PdlyFBvkbXNKrfoXj9kXsx3ZfqOetbMChVqedxMOGKf2G7xyPBBmbewF58Hpla3y lLadYtvHrCxvXcwubvRdDpOY0SxdEZ0ALTRTbYfak+Ona4SndnIFsaokvo3dVUst gvI2PfnpG2zcOhhnARgTJA4KVmC+16cS/KcgHeriHdPdB1zqmr7Ny22SmdsmTZsK oE2bFoi8M8HX9zsDulSfzn+vX8u499N6x7jTn6XxmIjwGE7jrJo= =iYkN -----END PGP SIGNATURE----- --=-=-=--