guix-patches--- via skribis: > Ryan, > > guix-patches--- via 写道: >> * gnu/packages/gnupg.scm (libcrypt): Update to 1.9.1. > > Thanks. > >> - (version "1.8.5") >> + (version "1.9.1") > > libgcrypt has 12119(!) dependent packages. Can we use a graft here? This > nongrafted version can then go to core-updates. > > Grafting means we keep these packages built against 1.8.5 and force-feed them > 1.9.1 instead, which might not work reliably across minor versions but needs to > be tried before rebuilding the world. > > Kind regards, > > T G-R According to the news at https://gnupg.org: --8<---------------cut here---------------start------------->8--- Libgcrypt 1.9.1 released (2021-01-29) important Unfortunately we introduced a severe bug in Libgcrypt 1.9.0 released 10 days ago. If you already started to use version 1.9.0 please update immediately to 1.9.1. --8<---------------cut here---------------end--------------->8--- Currently the master and staging branch are using libgcrypt 1.8.5 and core-updates is using 1.8.7. These versions don't have the critical bug as it was introduced in version 1.9.0. So I think updating libgcrypt on master is not an emergency, we just have to remember to never use version 1.9.0.