From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp12.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id oJyvEz9HAmRbtQAAbAwnHQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 03 Mar 2023 20:15:11 +0100
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id +Aq3Ez9HAmRsDAAAauVa8A
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 03 Mar 2023 20:15:11 +0100
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id D64693CF5E
	for <larch@yhetil.org>; Fri,  3 Mar 2023 20:15:10 +0100 (CET)
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=HCZRhpOO;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1677870910;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:resent-cc:
	 resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=Zb/9yrxbNdkFpZt9EHJ4Bd00lp5y/n8zQHNGnNn0FfM=;
	b=IHxOvkdZMVRr/2FC+9nRbHYEL/XDPixg+owLVWdcyP4rTKgugvj5xQ8MTINTDqwcYXXXGJ
	SAQki02YqnT1dy9uC8OHqpB4ghASCWHmijfLUXn/XvBK3O5TDEG8BnSMvBG9tLmlq2fmMV
	85qUyGWH/MMFJHBrrmNge2DIc+9gamGiVDlmGs8Sw/7zdQSQoqh1tBfpPkWM70MPwRLkU+
	bxO5WE7P8iT8iss8soMTv1Khotdv/drIHwCgWStCc+bGMLuOVZ0n8Hgbml3cCNTRpCPlVg
	gtESMLJMEZlOEiRhzPO3YmAHLA+Zj4N1So1bfOI9Q2jkzaSyDDla3DnmTRvmEQ==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=HCZRhpOO;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none)
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1677870910; a=rsa-sha256; cv=none;
	b=S5C0ej3BRQgSg5FUObzHbbnm8wsw6bneprQweV3tzN+VGjht3vjUCiYaDsMFzsjmCrBEoS
	fI/PA6F+/Oq69X91K2Hf9ai/mrjJ14eB2+Q4cSveC/uWxQ1iFrIcyDmbuUG40oL1+jvpmc
	B9bU6AJQZNuBUhd3+CCO1Z8Fg3/cIpjQgPNuJAGKl1CUq2bcNQsNDKwL4Y7zBlrE8SEH2D
	71RXdab+MUD5oZXohGD5caYVJh5irTcw2clu0t5wxGdSXYENt2/UHaKje4Zx56D956X9Rn
	JmjEPqKhcR/rfs3Q2SjD1NplPYXe9oNtOJn+Gub17BoblHZieDtPFiV/Pai/Bw==
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1pYArx-0006T3-FB; Fri, 03 Mar 2023 14:15:05 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pYAru-0006RN-VM
 for guix-patches@gnu.org; Fri, 03 Mar 2023 14:15:03 -0500
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pYAru-0002Mf-L6
 for guix-patches@gnu.org; Fri, 03 Mar 2023 14:15:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1pYAru-0003ZN-0Y
 for guix-patches@gnu.org; Fri, 03 Mar 2023 14:15:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490
 & CVE-2023-23946].
Resent-From: Simon Tournier <zimon.toutoune@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 03 Mar 2023 19:15:01 +0000
Resent-Message-ID: <handler.61583.B61583.167787085813631@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 61583
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Greg Hogan <code@greghogan.com>, 61583@debbugs.gnu.org,
 Christopher Baines <mail@cbaines.net>, Josselin Poiret <dev@jpoiret.xyz>,
 Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>,
 Mathieu Othacehe <othacehe@gnu.org>, Ricardo Wurmus <rekado@elephly.net>,
 Simon Tournier <zimon.toutoune@gmail.com>,
 Tobias Geerinckx-Rice <me@tobias.gr>
Cc: Greg Hogan <code@greghogan.com>
Received: via spool by 61583-submit@debbugs.gnu.org id=B61583.167787085813631
 (code B ref 61583); Fri, 03 Mar 2023 19:15:01 +0000
Received: (at 61583) by debbugs.gnu.org; 3 Mar 2023 19:14:18 +0000
Received: from localhost ([127.0.0.1]:34001 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1pYArC-0003Xn-EW
 for submit@debbugs.gnu.org; Fri, 03 Mar 2023 14:14:18 -0500
Received: from mail-wr1-f44.google.com ([209.85.221.44]:40824)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@gmail.com>) id 1pYAr9-0003XZ-SQ
 for 61583@debbugs.gnu.org; Fri, 03 Mar 2023 14:14:16 -0500
Received: by mail-wr1-f44.google.com with SMTP id t15so3277203wrz.7
 for <61583@debbugs.gnu.org>; Fri, 03 Mar 2023 11:14:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20210112; t=1677870850;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=Zb/9yrxbNdkFpZt9EHJ4Bd00lp5y/n8zQHNGnNn0FfM=;
 b=HCZRhpOO2LBreglereiERwy3CaBP1Zy+wKt0CiSURAHvm99zuzV4UK7yScSejThT9W
 HwmwlfkoGBEQBfxybBvUI2Vmp3sUq8fwAgT69KxxZVRLTnYH9m1YCEY9PrZgGe6tRIux
 gWL+C+kWMibTMJ34SNRguLcgU6OjlAgqgcXpA6DHLq5cw9rjs83qM3Jl1ciYCmk6iwim
 LnEmILgxYJNCL5GdgDY7Cc1o5VkDGktpO0Sn67uanS7/h7pKCCpxTdwn3bzmCkJlNkAK
 K1R1warm/L5g8KogpErIQ7ubW6sDNo5dR5ySjxuBL9QE9G2xfbkune15xbNEHn1LlpVs
 ONPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112; t=1677870850;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=Zb/9yrxbNdkFpZt9EHJ4Bd00lp5y/n8zQHNGnNn0FfM=;
 b=655Qch3EFPVNqlGe/kZpqJaIy/zwy2BF1t4N0+l70/IYGhhxTkx4kE+3Rxwre5/qt6
 XwKTvFPx7Iq3t+Jn+yD6rQJl/AH0cLcHbO/4VTM5uIgOnvDXl8Zc4yf/Of/B+8T4PG8+
 I3YyguqPN6nkWLYEWpPCT7ub5v1yBgHU7zl3UlVtiWnqfxR48afo4XYOg+80vDAoyBR+
 4/oq1Ae5CXCrZtwUpU9PlpON3ZfZPBeWbVxmASVVsyFYd5DD6032nPhEf78dTG8RJiNC
 P7eZ4TbKT2Y4DSxpFN1Soy26i3MWM64QJPMzK1vhUORlViTV0O7trQu4NQ8KICC1FIoP
 2vcg==
X-Gm-Message-State: AO0yUKWFDy1k8tddBSYxhnHn60tSCI5v1tv1+uyMB+3XbC1SEl1AnNCv
 YSU1j+oha0GfEjB8yka3ysA=
X-Google-Smtp-Source: AK7set9Qh3CI66u2T53HajJ528aG2WXjol/yREZUmpHEc1s5zKu9G3bhBq64MK58lcNl3Jyqe9ooXQ==
X-Received: by 2002:adf:e5cf:0:b0:2c7:940c:26f8 with SMTP id
 a15-20020adfe5cf000000b002c7940c26f8mr1869130wrn.5.1677870849978; 
 Fri, 03 Mar 2023 11:14:09 -0800 (PST)
Received: from lili (roam-nat-fw-prg-194-254-61-42.net.univ-paris-diderot.fr.
 [194.254.61.42]) by smtp.gmail.com with ESMTPSA id
 z11-20020a5d654b000000b002c70f5627d5sm2859420wrv.63.2023.03.03.11.14.09
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 03 Mar 2023 11:14:09 -0800 (PST)
From: Simon Tournier <zimon.toutoune@gmail.com>
In-Reply-To: <87y1os36js.fsf@gmail.com>
References: <20230217180402.29401-1-code@greghogan.com>
 <87y1os36js.fsf@gmail.com>
Date: Fri, 03 Mar 2023 20:14:07 +0100
Message-ID: <867cvxzlz4.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
X-Migadu-Spam-Score: 0.10
X-Spam-Score: 0.10
X-Migadu-Scanner: scn0.migadu.com
X-Migadu-Queue-Id: D64693CF5E
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: guix-patches-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
X-TUID: tTBN5eienQ4L

Hi,

CC: core team

On Mon, 20 Feb 2023 at 12:44, Simon Tournier <zimon.toutoune@gmail.com> wro=
te:

> On ven., 17 f=C3=A9vr. 2023 at 18:04, Greg Hogan <code@greghogan.com> wro=
te:

>> * gnu/packages/version-control.scm (git): Update to 2.39.2.
>
> As noticed previously for an update of Git, this implies a lot of
> rebuilds because git-minimal inherits from git.

Well, I locally rebuilt all and maybe a couple of packages break.  The
rebuild is intensive and I do not know if such update should to master
or core-updates and/or use some grafts.

For instance, QA is still saying nothing after 12 days.

    https://qa.guix.gnu.org/issue/61583


> Well, I am checking if git-minimal is used only for the tests by some of
> the packages.

I have tried to replace the plain =E2=80=99git=E2=80=99 or =E2=80=99git-min=
imal=E2=80=99 by
=E2=80=99git-minimal/pinned=E2=80=99 for some packages.  It does not change=
 much.


> For sure, it is a concern since it is a security fixes.

Hum, we are not very reactive. :-)


Cheers,
simon