From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:bcc0::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id s2NfNs68gWCgkQAAgWs5BA (envelope-from ) for ; Thu, 22 Apr 2021 20:13:34 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id 8PT4MM68gWA4GQAAB5/wlQ (envelope-from ) for ; Thu, 22 Apr 2021 18:13:34 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9225C17A75 for ; Thu, 22 Apr 2021 20:13:34 +0200 (CEST) Received: from localhost ([::1]:55430 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lZdpV-0002Aw-OS for larch@yhetil.org; Thu, 22 Apr 2021 14:13:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60988) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lZdn2-000177-9e for guix-devel@gnu.org; Thu, 22 Apr 2021 14:11:00 -0400 Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:40241) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lZdn0-0005Hv-6y; Thu, 22 Apr 2021 14:11:00 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 7245512D1; Thu, 22 Apr 2021 14:10:55 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Thu, 22 Apr 2021 14:10:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=96tUntQDp8nNRSFRzY8rwMlM YW+ohw9t/CaGCJtSBD0=; b=hmVIUJOuCavo8c5Dp3oHQyEhR1L38aAUvH7Z9jdG UzwGhMAn+mFir1EOjfwiFYuw09ckOqPxSBH+twXGmbEkL9nC73bimfB5gN15WWL6 DZJPwJgZrW3LPWB4FGRJiIYbsYCsthHOwOCITXEB7JnG8HpPT1Fn3wDfb0ZtWrdZ ydY= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=96tUnt QDp8nNRSFRzY8rwMlMYW+ohw9t/CaGCJtSBD0=; b=nxfKzBmprQduisC5fuTCwb CuxaM4C+yf8jCQ3rBAs5lLFR7UywGI3L8KXXVLEuxnRBB64cTizmNLBbgO9a1TxJ XriePg62Yu429v1UzYgaYfWARMjkQdofSACCNRRSUO3sypEx+bgs9OoEqtvGszbs rda3Wb5LxqQEJMaRtz2OBJvFtimRlABmVN8yHUCZ/scSwo4n+iowN28/RuZ5qBgh RaYNTavY58eFBxbCcahGBRUb1tAlM7+k/YpIrrQB2a8yeGE1JvldT46QUOf51xV0 bBZSaRzoB/mJ7aosf/xmxTfZPpKkNaHPZOE084M0o3wjRsseuaSMn22RgyrsI9yw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvddutddguddvtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcu hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth htvghrnhepueekkedtffdvtddugeejgedtvefhueefiedvjeeitdeigedtveejvdejheff vefgnecukfhppedutddtrdduuddrudeiledruddukeenucevlhhushhtvghrufhiiigvpe dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA id 73AFD108005B; Thu, 22 Apr 2021 14:10:54 -0400 (EDT) Date: Thu, 22 Apr 2021 14:10:52 -0400 From: Leo Famulari To: Mark H Weaver Subject: Re: Why is glib still grafted on the 'wip-ungrafting' branch? (was Re: wip-ungrafting builds stuck) Message-ID: References: <87sg3nnc6f.fsf@gnu.org> <87a6pr2wm2.fsf@netris.org> <871rb21dy4.fsf@netris.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <871rb21dy4.fsf@netris.org> Received-SPF: pass client-ip=64.147.123.24; envelope-from=leo@famulari.name; helo=wout1-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Guix Devel , Mathieu Othacehe , Maxim Cournoyer Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1619115214; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=96tUntQDp8nNRSFRzY8rwMlMYW+ohw9t/CaGCJtSBD0=; b=gCq98Yqbf4U+nSUNs/VV6IEpAJikP5HLT6k3qjnFB5+mBKPUv7BaApV9sjTGfG/jvKUK9r fYU/p6H9mOGOTtOm4YMKzzM3tBj5vlSaBr1PgQlhjMbCu48mxA3uXFM/7fuC/uuEwmRt7t lk9z8s/n4CXAoN49a0d1Ubc23uE64rMMJCh1i9gcRJ9l8ZUyDsBMAB+cE6NXqoipLSDElb yXldTJiYykUbxrjDPa9tAcY3tVbP3ayzcJPCNVTiMF/EW6VXBumCl2D6TpM1QlLfeNprNz UOQcDhLB+neUaHdWv/JPztSXv/d3ynXlqWKcSHfN/w8TSOU/8eqcrDfNJj8arg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1619115214; a=rsa-sha256; cv=none; b=rWwpAsatV7j0GzpsnY7Cz1s/mSgS+g5tOs+rNQR82Aopjkk0IcpCqykCNMljhGFL2IucqD rtpEyoaRR2ezx0yMuoqvTEv1dWzKvb2kUPHX5CXkXjFAbIDzn6f7enrcZph/I9nOAzvT3B x99zdxRCUxFqB34zVDEENgLW6koxvLosqeEowLwCRNAmTd7On61ATZDJZ0E+P7X1Z6ZMxx dkrJRUWiFMY0Y3XRYafTast15Cb2qOvKwSGqpmy13Su6NV+Kls80tYzDy+LnyVTLHQxF65 lo3cTtmgszJGNwHMzXoCjOMV0tLJOF+E6UPjtnqgMQQnCVknyG+BiI3sUkMEPA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=hmVIUJOu; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=nxfKzBmp; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: 0.06 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=hmVIUJOu; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=nxfKzBmp; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 9225C17A75 X-Spam-Score: 0.06 X-Migadu-Scanner: scn0.migadu.com X-TUID: Sna9utziGgEN On Thu, Apr 22, 2021 at 12:27:52PM -0400, Mark H Weaver wrote: > I don't understand why it's relevant how many patches are involved. It > sounds like if I had concatenated all of the CVE-2021-27219 patches into > a single file, you would have judged that as "simple", and therefore > ungrafted it, although it makes no substantive difference. I know you understand the subtle risks of grafting, compared to rebuilding packages with the grafted changes. Just because something works as a graft, or seems to work as a graft, there is no guarantee that it will continue to work when we absorb the graft and rebuild all dependent packages. I decided to use this "simple change" heuristic based on my own experience working with grafts. Experience grants intuition, and my intuition tells that me that grafts with fewer lines of changed code are less likely to cause build failures or to change the behaviour of a package beyond the desired security fix. Remember, the goal of this branch was to attempt to *quickly* absorb some grafts. I had to use a heuristic approach. Both in deciding which grafts to absorb, and in explaining my decisions to you (I did not expect you to misunderstand). I could have told you that I selected these grafts based on "number of lines of changed code", but it was easier to write "number of patches". If you had concatenated those patches, I would have noticed that the file was gigantic and chosen not to ungraft it at this time. And to preempt the reply that you are sure to send, yes, I actually looked at the content of the patches when making my decisions.