On Mon, 2021-04-26 at 17:23 +0200, Tobias Geerinckx-Rice wrote: > Hi Léo, > > > https://git.sr.ht/~lle-bout/guix/commit/a045a48dd961f0c5c3d536dcc3fd21d9c08d2d50 > > https://git.sr.ht/~lle-bout/guix/commit/6477daa338fbf1c9edacfc3690aca77cacfe0008 > > > > Can you please explain what went wrong here? > > Is a reasonable question, shared by all of us, not just Mark. The > constructive way forward is to answer it fully. It's in your best > interest to do so. > > Kind regards, > > T G-R I am sorry, I will not. It's evident nothing went wrong and Mark is not asking questions that are beneficial to anyone here besides contributing to public shaming of people. The fix is already pushed and thank you to the person that made it and Mark for identifying the issue, however I don't say thank you for trying to publicly shame people on the mailing list, both Raghav and me. At best there was an oversight (like there's many in various commits made everyday to GNU Guix) where I assumed the latest version of software would contain all security fixes (as I tend to consider GNONE software such as cairo is well maintained upstream security-wise, seems not), I don't think there's anything more to add. I find Mark's way of communicating about these issues not constructive and unfriendly. I think that if Mark or anyone else's expect me to answer I think they should not phrase criticism in a way that they accuse me or anyone else of having made a mistake. I don't think we should find who is responsible for mistakes, we could however ask advice on what happened to fix the mistake in case the person that introduced it cannot. And to ever think I would act in bad faith towards GNU Guix security when I spent entire weeks checking and patching CVEs full time, I don't think that would make sense. On Mon, 2021-04-26 at 19:21 +0200, Ludovic Courtès wrote: > Hi Léo, > > Tobias Geerinckx-Rice skribis: > > > > https://git.sr.ht/~lle-bout/guix/commit/a045a48dd961f0c5c3d536dcc3fd21d9c08d2d50 > > > https://git.sr.ht/~lle-bout/guix/commit/6477daa338fbf1c9edacfc3690aca77cacfe0008 > > > Can you please explain what went wrong here? > > > > Is a reasonable question, shared by all of us, not just Mark. The > > constructive way forward is to answer it fully. It's in your best > > interest to do so. > > I concur. Please reply as soon as you can so we can understand what > happened, restore trust, and collectively avoid such pitfalls in the > future. > > Thanks in advance, > Ludo’. I don't understand how trust would be lost. Léo