From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: 02/03: gnu: nghttp2: Update to 1.31.1 [fixes CVE-2018-1000168].
Date: Thu, 12 Apr 2018 20:15:10 +0200
Message-ID: <87vacwb8b5.fsf@fastmail.com>
References: <20180412174905.23638.55280@vcs0.savannah.gnu.org>
	<20180412174906.CDFB12052F@vcs0.savannah.gnu.org>
	<87d0z4b8kf.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44770)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1f6gkf-0002mz-5k
	for guix-devel@gnu.org; Thu, 12 Apr 2018 14:15:18 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1f6gkb-0003Zw-5i
	for guix-devel@gnu.org; Thu, 12 Apr 2018 14:15:17 -0400
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:39235)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1f6gka-0003ZQ-Vz
	for guix-devel@gnu.org; Thu, 12 Apr 2018 14:15:13 -0400
In-Reply-To: <87d0z4b8kf.fsf@netris.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Mark H Weaver <mhw@netris.org> writes:

> Hi Marius,
>
> mbakke@fastmail.com (Marius Bakke) writes:
>
>> mbakke pushed a commit to branch master
>> in repository guix.
>>
>> commit 65bfe30d8a4e930599603f6d835023bbd0dbcb9a
>> Author: Marius Bakke <mbakke@fastmail.com>
>> Date:   Thu Apr 12 19:43:31 2018 +0200
>>
>>     gnu: nghttp2: Update to 1.31.1 [fixes CVE-2018-1000168].
>>=20=20=20=20=20
>>     * gnu/packages/web.scm (nghttp2): Update to 1.31.1.
>
> Thank you for this, but it would entail far too many builds to update on
> the 'master' branch.  'curl' depends on 'nghttp2'.  According to 'guix
> refresh -l', it would require 2839 rebuilds on x86_64.

On 'master', nghttp2 only has 1 dependent, the reverse curl dependency
was added in this 'core-updates'.

Since we haven't started the "full" core-updates on Hydra yet, I figured
it was okay.  What do you think?

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlrPoi4ACgkQoqBt8qM6
VPqHhgf/bExh8YYfjWWCPY/dOMtjQXq7Vzj50AljtLy7zMkduPZ4Bc0fvIfu4XqP
k+TcdGZkVsjT7+2rwKzCwxsz0/PAKf+K1Oo5gFLmnzkLjG/ds0e0ybjIULXSNIWN
ySCQuKfGRNCcLqjRAJYxZLBRMztfQp1T93QYNUcesJAv/0UWi+mf73mOwVPCp9Qx
7iFIBaplIFE0RmOr09/WmCu3wRHlzJ+n9Z6BzY9aNLfOf5sKJu2DObap7zBPWJ6A
8Mgn5lwkhmRfPbnZBcM9OfFK0WncxRb/UB/02nxGmeQOcayafeymrc/4rJgfEoVz
IO87OwJsGd/5k1yIdq+Gqmgovjw8gw==
=9ivc
-----END PGP SIGNATURE-----
--=-=-=--