Leo Famulari <leo@famulari.name> writes:

> On Fri, Nov 04, 2016 at 01:05:02PM -0400, Kei Kebreau wrote:
>> From 1eede14194c83b70725b6de062b9d3e0acce6340 Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <kei@openmailbox.org>
>> Date: Fri, 4 Nov 2016 12:43:28 -0400
>> Subject: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m.
>> 
>> Fixes some security issues seen here:
>> <http://www.openwall.com/lists/oss-security/2016/11/03/3>
>> 
>> * gnu/packages/w3m.scm (w3m): Switch it.
>> [source]: Use Debian's git tree. Remove obsolete patches.
>> [arguments]: Remove unnecessary modification of %standard-phases.
>> * gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch,
>> gnu/packages/patches/w3m-disable-weak-ciphers.patch,
>> gnu/packages/patches/w3m-force-ssl_verify_server-on.patch,
>> gnu/packages/patches/w3m-libgc.patch: Delete files.
>> * gnu/local.mk (dist_patch_DATA): Remove them.
>
>> +  (let ((commit "5cf75248f5833db00d53a33c30a525bb40f5512b")
>> +        (revision "1"))  ; Guix package revision
>> +    (package
>> +      (name "w3m")
>> +      (version (string-append "0.5.3-" revision "." (string-take commit 7)))
>> +      (source (origin
>> +                (method git-fetch)
>> +                ;; Debian's fork of w3m is the only one that is still
>> +                ;; maintained.
>> +                (uri (git-reference
>> +                      (url "https://anonscm.debian.org/cgit/collab-maint/w3m.git")
>> +                      (commit commit)))
>
> We can just use the Git tag as the version and the commit, like in this
> stale package:
>
> https://github.com/lfam/pkgs/blob/master/leo/packages/w3m-debian.scm
>
> I think that's simpler.
>
> Looks good with this change :)

Is this good?