From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id uCB6NBOxgWB5QQAAgWs5BA (envelope-from ) for ; Thu, 22 Apr 2021 19:23:31 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id sBQzMBOxgWB8dQAAB5/wlQ (envelope-from ) for ; Thu, 22 Apr 2021 17:23:31 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9E3A015E6D for ; Thu, 22 Apr 2021 19:23:31 +0200 (CEST) Received: from localhost ([::1]:54478 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lZd34-00039N-PN for larch@yhetil.org; Thu, 22 Apr 2021 13:23:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41080) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lZd2n-00037c-86 for guix-devel@gnu.org; Thu, 22 Apr 2021 13:23:13 -0400 Received: from world.peace.net ([64.112.178.59]:37916) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lZd2k-0003EV-7h for guix-devel@gnu.org; Thu, 22 Apr 2021 13:23:13 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lZd2a-0008Nv-T9; Thu, 22 Apr 2021 13:23:00 -0400 From: Mark H Weaver To: Raghav Gururajan , Guix Devel Subject: Re: A "cosmetic changes" commit that removes security fixes In-Reply-To: References: <87tunz11mf.fsf@netris.org> Date: Thu, 22 Apr 2021 13:21:11 -0400 Message-ID: <87y2daz13x.fsf@netris.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@netris.org; helo=world.peace.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Leo Prikler Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -4.00 Authentication-Results: aspmx1.migadu.com; none X-Migadu-Queue-Id: 9E3A015E6D X-Spam-Score: -4.00 X-Migadu-Scanner: scn0.migadu.com X-TUID: hvrj43hQ+ACI Hi Raghav, Raghav Gururajan writes: > Okay, I was able to retrace. When Leo and I were working outside=20 > savannah, there was master --> core-updates merge. Leo made these=20 > changes when he committed to his repo=20 > (https://logs.guix.gnu.org/guix/2021-03-26.log#000811), from which I=20 > pulled then format-patched and sent it to guix-patches=20 > (https://issues.guix.gnu.org/42958#64). From guix-patches it was then=20 > pushed to core-updates (https://issues.guix.gnu.org/42958#67), from=20 > where I cherry-picked into wip-gnome. Thank you for these links. From the IRC log cited above, it now appears that L=C3=A9o Le Bouter bears primary responsibility for these mistakes. In particular, according to the IRC logs, L=C3=A9o wrote: raghavgururajan: the main issues on the rebasing were about security fixes on cairo, gdk-pixbuf and glib I modified the cosmetic commits to remove the graft and patches etc. > It seems Leo made these for ungrafting. I not familiar with ungrafting,=20 > so I have to let Leo explain. Yes, I would very much like to hear an explanation from L=C3=A9o about how this happened. Nonetheless, you (Raghav) also bear some responsibility for digitally signing and pushing these misleading commits to the 'wip-gnome' branch. At least one of the problems (the misleading summary line) should have been obvious from a cursory glance at the commit log. Mark -- Support Richard Stallman against the vicious misinformation campaign against him and the FSF. See for more.