From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp10.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id +C/QNJeTA2RB/AAAbAwnHQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 04 Mar 2023 19:53:11 +0100
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp10.migadu.com with LMTPS
	id ANMHNJeTA2QLWQEAG6o9tA
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 04 Mar 2023 19:53:11 +0100
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id B094A2EE19
	for <larch@yhetil.org>; Sat,  4 Mar 2023 19:53:10 +0100 (CET)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1pYX0C-0007HO-2V; Sat, 04 Mar 2023 13:53:04 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pYX0A-0007E6-Iw
 for guix-patches@gnu.org; Sat, 04 Mar 2023 13:53:02 -0500
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pYX0A-0000jN-9G
 for guix-patches@gnu.org; Sat, 04 Mar 2023 13:53:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1pYX09-0000pp-QB
 for guix-patches@gnu.org; Sat, 04 Mar 2023 13:53:01 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490
 & CVE-2023-23946].
Resent-From: Simon Tournier <zimon.toutoune@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sat, 04 Mar 2023 18:53:01 +0000
Resent-Message-ID: <handler.61583.B61583.16779559443155@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 61583
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Leo Famulari <leo@famulari.name>
Cc: 61583@debbugs.gnu.org, Greg Hogan <code@greghogan.com>
Received: via spool by 61583-submit@debbugs.gnu.org id=B61583.16779559443155
 (code B ref 61583); Sat, 04 Mar 2023 18:53:01 +0000
Received: (at 61583) by debbugs.gnu.org; 4 Mar 2023 18:52:24 +0000
Received: from localhost ([127.0.0.1]:37724 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1pYWzX-0000oo-Ms
 for submit@debbugs.gnu.org; Sat, 04 Mar 2023 13:52:24 -0500
Received: from mail-lf1-f48.google.com ([209.85.167.48]:43571)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@gmail.com>) id 1pYWzW-0000oV-M6
 for 61583@debbugs.gnu.org; Sat, 04 Mar 2023 13:52:23 -0500
Received: by mail-lf1-f48.google.com with SMTP id r27so7675534lfe.10
 for <61583@debbugs.gnu.org>; Sat, 04 Mar 2023 10:52:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20210112; t=1677955936;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:from:to:cc:subject:date:message-id:reply-to;
 bh=NOrL8Xh+DscuNQDECRbTwVLEAq48D7EsDxyrhQy+Leg=;
 b=WhI2mrvxLHbfqy0bUXMvlY15ZsmG9dQJSaCEL8FurCETT7SnCmv3AL9R+b2ga4cDwP
 WbrIOPRnd7U4kpRvcW6ZTjuVKFLPWtp26AaG7e89UYn+lB00zrnHLsrCcEo0n9k+aWuk
 XcUCcdM1V318ta+nyfPDj7k0EDQW6vpPSLbVuHkj/IxGHgmuWbXUQr7iUlN8CXNBRBeN
 wwjYwm6srgCw8ClpVECwcF8BePC1oMJuZhVWlFs8RKh0aZfzY6PVHmLo/z2vZg2G/bgT
 MG/JswmUiKdkjs0pIh3T5TJCpsrkDxQPrKYbgxEpIgkQolmYiXXhjGW3/n2rlcbCs5Yv
 0ZGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112; t=1677955936;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=NOrL8Xh+DscuNQDECRbTwVLEAq48D7EsDxyrhQy+Leg=;
 b=68rl3hMpS/Ae1wx2ffYxVMbdxkxszgJHV7PzAIaLr2/9IG/3yqBBw4e/LU3u2zm0eq
 67DqmBqYvxPiPuQ2udXeNtD0f/WTCJQIYtLbfjdJfip8u7ZChFu2Lnnb70mPmeqw3fo+
 0HyjhDEkJ2NoL5/9brLUd0tU4iT0fctHZ5ar5O7SoEYbOQO4oXn61huZtnPnNbJFACZP
 Q3y0SnZKlP7hHCXGRyubuYe48bCzpuIvD6nIN0sxrcdjiJH/3PHSg+Dnwh4cn027CpGX
 enVjCLonuXelrCZ18swdMuzcebQuBukaQg4hBOinByh3sgTLi8PATHswkNjgtjWZ/Tsp
 lbzA==
X-Gm-Message-State: AO0yUKWJB2z5Rc1xeZoWbT1AP1ypjEIC79IcqnFAGPxI7sauaDmp+FVk
 I5KpjgU4Zkwu520wG9GD15PppVeh+IEHmjRL3Xc=
X-Google-Smtp-Source: AK7set9mK4QuLlLd4J60/KJxq7FgNcDGcEz9nT3FW2bGArVpXIx7JYvCL89vtE5a+nQG7x2B0sgj1KDgUn8Zsvww/lk=
X-Received: by 2002:ac2:52bb:0:b0:4db:b4:c8d7 with SMTP id
 r27-20020ac252bb000000b004db00b4c8d7mr1810520lfm.2.1677955936393; 
 Sat, 04 Mar 2023 10:52:16 -0800 (PST)
MIME-Version: 1.0
References: <20230217180402.29401-1-code@greghogan.com>
 <87y1os36js.fsf@gmail.com> <ZAJtKtBBc+tZeBlX@jasmine.lan>
In-Reply-To: <ZAJtKtBBc+tZeBlX@jasmine.lan>
From: Simon Tournier <zimon.toutoune@gmail.com>
Date: Sat, 4 Mar 2023 19:52:04 +0100
Message-ID: <CAJ3okZ3dxoyHKoi0QVikKyanNz9xDCWU7b6WcF73N8J31bmLxQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: guix-patches-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1677955990; a=rsa-sha256; cv=none;
	b=riGi94MUH84QyzSj6gake9pRbYg6jU+FdUbepPiLuHFJnALbEd+najOddmgI2UTv2mcPs6
	6kKMGR91FpVcE7bPoTXgvfbz2hIk7HO4XPNSzNlVRtNVEBq+y1L+mpnxSCKcgXPlpv0o1/
	rJG+U3AVxZXC8tvNqj8EZmeOPzRjL4vMt9NlCsvozkQD6B6GRPTyKoumllOJkmbQcT6w3P
	+/zEBSryJsw6tdPVuUR791fk2bS63qOj5ZG41q8gahQpbT0Zg9BKRlueW17WStLKLkLSsB
	W9Fr6CigsBqiVw19EwvtWEn2e5SDubXI1F1Zds23jR6t22mM8j0hhfYTh86ROQ==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=WhI2mrvx;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1677955990;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post:
	 dkim-signature; bh=NOrL8Xh+DscuNQDECRbTwVLEAq48D7EsDxyrhQy+Leg=;
	b=kJDtqYA41gD+aQCJqSs6UABHMnR3naKPDbzOijCKS/2tOUL/OkHMiwWDeuEIIzDUJ18WGu
	hKfoG7sIuhTdK4+wk7h0I9ZfFxeBTECUByrQHJrmCJF5J9ykuEE6IvEt3iv7p2V3ZdwPpS
	GjccFF5DswrYEq1I+CAhEF74rP+/K9GijJkgxmEOSYAs8vigib3lpgCC0pllDiVDJFWhhD
	lCqpYx0PnoeWAS5PBdbQsQPRe2hPKR1Q50xRSD7nK6UoYfV4+qaU879HJwj/slEUJm5HWh
	NO4HyclyrP+Z7OrwhpgAodJqz9R/nc4lK9rSyBQNRxYOXmyeA9TJul25Y9LZiQ==
X-Migadu-Scanner: scn1.migadu.com
X-Migadu-Spam-Score: -2.10
X-Spam-Score: -2.10
X-Migadu-Queue-Id: B094A2EE19
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=WhI2mrvx;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none)
X-TUID: /FUISdBV2b+k

Hi,

On Fri, 3 Mar 2023 at 22:57, Leo Famulari <leo@famulari.name> wrote:

> Overall, git and git-minimal will cause more than 300 rebuilds, but not
> too many for the current state of the build farm.

I get 546 dependent packages for git + git-minimal which need to be
re-built.  And some are really expensive -- that what I meant by "a
lot of rebuilds". :-)

Well, I do not know if there is an issue with QA or it is just really
expensive but the process is still pending, if I read correctly
<https://qa.guix.gnu.org/issue/61583>.

> Concretely, why can't we push this to master immediately?

Somehow the guarantee that none of these 546 would not be broken by
the update. ;-)

Anyway, I had locally built them -- it took 3-4 days on my machine,
IIRC -- and I do not remember any "big" breakage, maybe a couple of
packages -- even maybe not since some are already broken.  However, I
did not carefully tracked my process thinking to come back later --
well, I ran "guix gc" in the mean for checking stuff with SWH coverage
thinking that QA would have finished.

I do not have an opinion where or whether to push.

Cheers,
simon