* bug#40478: feature request/idea: guix pull --news should show information about new package replacements
@ 2020-04-07 1:17 Jack Hill
2020-04-07 9:54 ` Ludovic Courtès
0 siblings, 1 reply; 2+ messages in thread
From: Jack Hill @ 2020-04-07 1:17 UTC (permalink / raw)
To: 40478
[-- Attachment #1: Type: text/plain, Size: 720 bytes --]
Hi Guix,
I'm an avid reader of `guix pull --news`. I like learning about new and
updated software. However, I noticed that when a package gains a new
replacement (e.g. for a security fix via grafting), it is not mentioned.
We do not show all changes to package definitions in the new, but since a
new replacement is often for a security fix, I think it is significant
enough to warrant showing in the news. I'm imagining something like:
"""
n packages with new replacements: gnutls, …
"""
or perhaps:
"""
n packages with new grafts: libxml, …
"""
I haven't yet though about the implementation of this. I would want to
avoid doing too much extra work for `guix pull --news`.
What do you think?
Best,
Jack
^ permalink raw reply [flat|nested] 2+ messages in thread
* bug#40478: feature request/idea: guix pull --news should show information about new package replacements
2020-04-07 1:17 bug#40478: feature request/idea: guix pull --news should show information about new package replacements Jack Hill
@ 2020-04-07 9:54 ` Ludovic Courtès
0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2020-04-07 9:54 UTC (permalink / raw)
To: Jack Hill; +Cc: 40478
Hi,
Jack Hill <jackhill@jackhill.us> skribis:
> I'm an avid reader of `guix pull --news`. I like learning about new
> and updated software. However, I noticed that when a package gains a
> new replacement (e.g. for a security fix via grafting), it is not
> mentioned. We do not show all changes to package definitions in the
> new, but since a new replacement is often for a security fix, I think
> it is significant enough to warrant showing in the news. I'm imagining
> something like:
>
> """
> n packages with new replacements: gnutls, …
> """
>
> or perhaps:
>
> """
> n packages with new grafts: libxml, …
> """
>
> I haven't yet though about the implementation of this. I would want to
> avoid doing too much extra work for `guix pull --news`.
>
> What do you think?
I think it’s a great idea!
It would be even better if the message were higher-level:
The following security issues were fixed:
CVE-XYZ (gnutls), CVE-123 (icecat), etc.
The (guix cve) module would come in handy but it would be hard to
implement efficiently, I think.
Ludo’.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-04-07 9:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-07 1:17 bug#40478: feature request/idea: guix pull --news should show information about new package replacements Jack Hill
2020-04-07 9:54 ` Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.