From: Martin Castillo
To: 31444@debbugs.gnu.org
Date: Mon, 14 May 2018 10:06:46 +0200
Subject: Re: [bug#31444] 'guix health': a tool to report vulnerable packages
References: <87fu2vjj76.fsf@gnu.org>
In-Reply-To: <87fu2vjj76.fsf@gnu.org>

On 14.05.2018 00:15, Ludovic Courtès wrote:
> [...] shadow@4.6 is available and fixes CVE-2018-7169, consider ugprading
                                                                  ^typo

> Should we satisfy ourselves with the current approach in the meantime?

Release early and often would say yes. But I'm not an experienced developer.

I have the feeling that guix lint does not cache the CVEs it fetches. I
think it should.
-- 
GPG: 7FDE 7190 2F73 2C50 236E 403D CC13 48F1 E644 08EC