Leo Famulari <leo@famulari.name> skribis:

> On Mon, Mar 06, 2017 at 10:36:48PM +0100, Ludovic Courtès wrote:
>> Unfortunately, there’s no way to know whether such CVEs are actually
>> fixed at a specific package version or not, and they’re not uncommon.
>> Consequently, ‘guix lint -c cve’ would now report old CVEs that possibly
>> no longer apply to our package versions.
>
> I didn't notice any change in what the CVE checker reports after
> applying the diff. Did I miss a step?

You need to first clear your cache:

  rm -rf ~/.cache/guix/cve

Here’s the before/after diff I get: