From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Bavier Subject: Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m. Date: Thu, 3 Nov 2016 22:17:18 -0500 Message-ID: <20161103221718.123dc755@centurylink.net> References: <87mvhgw4w0.fsf@openmailbox.org> Reply-To: bavier@member.fsf.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/oTDnGqdZ/mZR.74bouLE4s3"; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:58678) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c2V0X-0000hI-7L for guix-devel@gnu.org; Thu, 03 Nov 2016 23:17:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c2V0T-00050i-K9 for guix-devel@gnu.org; Thu, 03 Nov 2016 23:17:33 -0400 Received: from mail.centurylink.net ([205.219.233.9]:58440 helo=smtp.centurylink.net) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1c2V0T-00050U-EV for guix-devel@gnu.org; Thu, 03 Nov 2016 23:17:29 -0400 In-Reply-To: <87mvhgw4w0.fsf@openmailbox.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Kei Kebreau Cc: guix-devel@gnu.org --Sig_/oTDnGqdZ/mZR.74bouLE4s3 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Thu, 03 Nov 2016 18:54:55 -0400 Kei Kebreau wrote: > From b837111e3ddf406a3b9235538f63af678e3ac741 Mon Sep 17 00:00:00 2001 > From: Kei Kebreau > Date: Thu, 3 Nov 2016 17:58:48 -0400 > Subject: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of= w3m. >=20 > Fixes some security issues seen here: > >=20 > * gnu/packages/patches/w3m-upstream-20120522.patch: New file. > * gnu/packages/patches/w3m-debian-updates.patch: New file. > * gnu/packages/w3m.scm (w3m): Switch to Debian's actively maintained > fork of w3m. > [source]: Use Debian's tarball and patches. Remove obsolete patches. > [arguments]: Remove unnecessary modification of %standard-phases. > * gnu/local.mk (dist_patch_DATA): Register new patches. Remove obsolete > patches. > --- > gnu/local.mk | 6 +- > gnu/packages/patches/w3m-debian-updates.patch | 28498 +++++++++++++= ++++++ So theirs is the only actively maintained version of w3m and all they can provide is a 28.5 thousand line patch? No VCS repository? There must be some point at which it would be better for us to fetch the patch in an origin rather than importing it into our repo. > .../patches/w3m-disable-sslv2-and-sslv3.patch | 24 - > .../patches/w3m-disable-weak-ciphers.patch | 24 - > .../patches/w3m-force-ssl_verify_server-on.patch | 24 - > gnu/packages/patches/w3m-libgc.patch | 28 - > gnu/packages/patches/w3m-upstream-20120522.patch | 157 + > gnu/packages/w3m.scm | 37 +- > 8 files changed, 28668 insertions(+), 130 deletions(-) > create mode 100644 gnu/packages/patches/w3m-debian-updates.patch > delete mode 100644 gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch > delete mode 100644 gnu/packages/patches/w3m-disable-weak-ciphers.patch > delete mode 100644 gnu/packages/patches/w3m-force-ssl_verify_server-on.p= atch > delete mode 100644 gnu/packages/patches/w3m-libgc.patch > create mode 100644 gnu/packages/patches/w3m-upstream-20120522.patch Please list the removed patches in the commit message. `~Eric --Sig_/oTDnGqdZ/mZR.74bouLE4s3 Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJYG/2+AAoJEB670gR4H5Ysx9QIAMs9FRETAQLhzq1qqEws5/ed y1aC34KbRZfrnXGZ12MTBDM9Ac0hNCn/qji2KU35AYPudeF87XzmVMRu/bsXt0HL 4hhdE1T2NoT5Mn1cnJSNDdpjZ2hnWEF3w7AgprFNwl6B2S0ZmX5nBx0bmWdi4/Bl s0QP2A0CudClUOmpgiRPYgnSYIYm0x5OvzmDJVbRCuWy3azV15smvCKy0C27NNFB bORf5t/rF+6DPF2AFHwhl1byMJcASntqWLoZYka2xmSTFYNOtO2JkEpxRRUrejOD DeT+CRsHmnP+D31vwFJ2M55bBxTpuu1ccyhhDf9DCDiWweJ4POOj4Ayah+wF7lQ= =VdJQ -----END PGP SIGNATURE----- --Sig_/oTDnGqdZ/mZR.74bouLE4s3--