From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp0 ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id BQgZHCd1WGBQKwAA0tVLHw
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 22 Mar 2021 10:44:55 +0000
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id mF1/Fyd1WGA4ewAA1q6Kng
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 22 Mar 2021 10:44:55 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id F30101689D
	for <larch@yhetil.org>; Mon, 22 Mar 2021 11:44:54 +0100 (CET)
Received: from localhost ([::1]:40638 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1lOI3K-00069V-2r
	for larch@yhetil.org; Mon, 22 Mar 2021 06:44:54 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:34178)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <andreas@enge.fr>) id 1lOHoK-0002Es-6C
 for guix-devel@gnu.org; Mon, 22 Mar 2021 06:29:24 -0400
Received: from hera.aquilenet.fr ([2a0c:e300::1]:34138)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <andreas@enge.fr>) id 1lOHoH-0005kg-1F
 for guix-devel@gnu.org; Mon, 22 Mar 2021 06:29:23 -0400
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id 672E83FE;
 Mon, 22 Mar 2021 11:29:12 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id tdZBCnzUtIhK; Mon, 22 Mar 2021 11:29:11 +0100 (CET)
Received: from jurong (p200300dd5710fa00d100617c1be1ebbb.dip0.t-ipconnect.de
 [IPv6:2003:dd:5710:fa00:d100:617c:1be1:ebbb])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id 5889F2B4;
 Mon, 22 Mar 2021 11:29:07 +0100 (CET)
Date: Mon, 22 Mar 2021 11:29:04 +0100
From: Andreas Enge <andreas@enge.fr>
To: =?iso-8859-15?B?TOlv?= Le Bouter <lle-bout@zaclys.net>
Subject: Re: imagemagick@6.9.11-48 to graft or not to graft with 6.9.12-2
Message-ID: <YFhxcOGC2iSbUwNz@jurong>
References: <d84349e57bc20d554ba0590b0a433dd6986199f6.camel@zaclys.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <d84349e57bc20d554ba0590b0a433dd6986199f6.camel@zaclys.net>
X-Spamd-Bar: /
X-Rspamd-Server: hera
X-Rspamd-Queue-Id: 672E83FE
X-Spamd-Result: default: False [-0.50 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_TWO(0.00)[2];
 RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[];
 MID_RHS_NOT_FQDN(0.50)[];
 FORGED_RECIPIENTS(2.00)[lle-bout@zaclys.net ..,andreas.enge@aquilenet.fr ...]; 
 RCVD_COUNT_TWO(0.00)[2]; BAYES_HAM(-3.00)[100.00%]
Received-SPF: neutral client-ip=2a0c:e300::1; envelope-from=andreas@enge.fr;
 helo=hera.aquilenet.fr
X-Spam_score_int: -10
X-Spam_score: -1.1
X-Spam_bar: -
X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001,
 SPF_NEUTRAL=0.779 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Cc: guix-devel@gnu.org
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1616409895;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=lbDMbccM0rqgeDN2xTimPeX8U3aZP7W/ZT5xRIzAYTk=;
	b=mx7Ed/3MDWUphwPG6ymE+LWu086hbgCDGfuR9jrSqqtV366+KbgnhcXYrLg7paFDbHRbhK
	6yXua4pcavNrc3JVcHMDk7kSznE31d1df6i4zanLJyNgyEXf14dFc3Jxy4llo3IpHlphvc
	aGbxKoriOXaCFDAitx1aGKHT+gFZUBkuhBnl+FoZp303zGzzhxDSZ7sVB5YwsWzb73IEfG
	RTTNywfeCT1rLTI/szjM8FUQvvth4MTpCp1bKYQNdmyfZHPdljjZYbvNsCVR8ZH6sVmthW
	i1NWDVUHNPh43SCUV+HhWDw6W1INUi1ni16571RB20Ur43MYNPK1+OfvJ3PtyQ==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616409895; a=rsa-sha256; cv=none;
	b=SesF+raEoak5Ud51VJYMilpzuB4u7UUocJvgjfmrFbGJ0kimErHjmLQjF9lMUBsyS11x3P
	yGvWgEp9i9jUMi+WYsYOj6cWyzIDpF7W8oKF/zJtF116GTbmRSxbOw5EV+p5L9DiSt9Jqx
	dMM+x1Xa3L+d4QPBc2nbt/WvYqcLlF6fUlbNqb4bxl2CLJ7jTb+CGIqzNfZH+jR4hgSS6O
	awzMb5XzwK56IEdeajJgQSPfkWcOVhGLeC6h/I1Zorsnouc8HLkpuLvBFBGOLFIel8g2qT
	Gm3yx/bI5RKGdN0fqhH9Vkr5tw3aM3qzwZl6izTPNw7U7C4iXIGC6DOVYdk9vA==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Spam-Score: -1.92
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Queue-Id: F30101689D
X-Spam-Score: -1.92
X-Migadu-Scanner: scn0.migadu.com
X-TUID: bEj8tqArFe02

Am Fri, Mar 19, 2021 at 10:40:45AM +0100 schrieb Léo Le Bouter:
> We had a user reporting that Inkscape stopped working after the graft (
> https://logs.guix.gnu.org/guix/2021-03-18.log#100200), after which we
> decided on IRC with rekado we might cheat by symlinking the shared
> libraries, which I've done in commit
> 2e0ff59f0cd836b156f1ef2e78791d864ce3cfcd, from a glance it didnt seem
> the soname change caused backwards incompatible changes but only
> forward incompatible changes.

It happens I just wanted to use inkscape, started submitting a bug report:
   https://issues.guix.gnu.org/47315
and ended up realising that this is exactly the issue discussed on
guix-devel.

I cannot afford a "guix pull" right now, since with
   https://issues.guix.gnu.org/31719
this might mean a download of a few gigabytes, so I did not check whether
the symlinking fix does work.

But honestly, this feels like piling a cludge (symlinking) onto a cludge
(grafting), and that we are not in the high quality approach for which
I appreciate Guix.

Personally, I would suggest to revert the commits. If the CVE is sufficiently
important (it would be useful if the commit log or the diff itself contained
its number), maybe we can update the imagemagick version on the wip-release
branch, which is supposed to be built soon and merged back to master?

And please let us agree that in the future, we only backport fixes in grafts
and do not update version numbers.

Andreas