On Sat, Mar 18, 2017 at 01:36:31PM -0400, John Darrington wrote:
> [CC guix-devel@gnu.org]
> 
> So we have to make a choice:
> 
> 1. Package a released program with a known vulnerability; or

Although all non-trivial software contains bugs, many of which can be
exploited, we should not add new packages with known exploitable
vulnerabilities.