all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: "Léo Le Bouter" <lle-bout@zaclys.net>
To: Tobias Geerinckx-Rice <me@tobias.gr>
Cc: Mark H Weaver <mhw@netris.org>, Leo Famulari <leo@famulari.name>,
	Maxim Cournoyer <maxim.cournoyer@gmail.com>,
	Raghav Gururajan <rg@raghavgururajan.name>,
	Leo Prikler <leo.prikler@student.tugraz.at>,
	Sou Bunnbu <iyzsong@gmail.com>,
	guix-devel@gnu.org
Subject: Re: A "cosmetic changes" commit that removes security fixes
Date: Mon, 26 Apr 2021 19:46:34 +0200	[thread overview]
Message-ID: <c36a8dbb810f84c67dd801804dad0caef2404e65.camel@zaclys.net> (raw)
In-Reply-To: <87eeext6h4.fsf@nckx>

[-- Attachment #1: Type: text/plain, Size: 2631 bytes --]

On Mon, 2021-04-26 at 17:23 +0200, Tobias Geerinckx-Rice wrote:
> Hi Léo,
> 
> > https://git.sr.ht/~lle-bout/guix/commit/a045a48dd961f0c5c3d536dcc3fd21d9c08d2d50
> > https://git.sr.ht/~lle-bout/guix/commit/6477daa338fbf1c9edacfc3690aca77cacfe0008
> > 
> > Can you please explain what went wrong here?
> 
> Is a reasonable question, shared by all of us, not just Mark.  The 
> constructive way forward is to answer it fully.  It's in your best 
> interest to do so.
> 
> Kind regards,
> 
> T G-R

I am sorry, I will not. It's evident nothing went wrong and Mark is not
asking questions that are beneficial to anyone here besides
contributing to public shaming of people. The fix is already pushed and
thank you to the person that made it and Mark for identifying the
issue, however I don't say thank you for trying to publicly shame
people on the mailing list, both Raghav and me. At best there was an
oversight (like there's many in various commits made everyday to GNU
Guix) where I assumed the latest version of software would contain all
security fixes (as I tend to consider GNONE software such as cairo is
well maintained upstream security-wise, seems not), I don't think
there's anything more to add. I find Mark's way of communicating about
these issues not constructive and unfriendly. I think that if Mark or
anyone else's expect me to answer I think they should not phrase
criticism in a way that they accuse me or anyone else of having made a
mistake. I don't think we should find who is responsible for mistakes,
we could however ask advice on what happened to fix the mistake in case
the person that introduced it cannot. And to ever think I would act in
bad faith towards GNU Guix security when I spent entire weeks checking
and patching CVEs full time, I don't think that would make sense.

On Mon, 2021-04-26 at 19:21 +0200, Ludovic Courtès wrote:
> Hi Léo,
> 
> Tobias Geerinckx-Rice <me@tobias.gr> skribis:
> 
> > > 
https://git.sr.ht/~lle-bout/guix/commit/a045a48dd961f0c5c3d536dcc3fd21d9c08d2d50
> > > 
https://git.sr.ht/~lle-bout/guix/commit/6477daa338fbf1c9edacfc3690aca77cacfe0008
> > > Can you please explain what went wrong here?
> > 
> > Is a reasonable question, shared by all of us, not just Mark.  The
> > constructive way forward is to answer it fully.  It's in your best 
> > interest to do so.
> 
> I concur.  Please reply as soon as you can so we can understand what
> happened, restore trust, and collectively avoid such pitfalls in the
> future.
> 
> Thanks in advance,
> Ludo’.

I don't understand how trust would be lost.

Léo

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

  parent reply	other threads:[~2021-04-26 17:50 UTC|newest]

Thread overview: 102+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-22  0:58 A "cosmetic changes" commit that removes security fixes Raghav Gururajan
2021-04-22  2:41 ` Mark H Weaver
2021-04-22  3:17   ` Raghav Gururajan
2021-04-22  4:05     ` Raghav Gururajan
2021-04-22  4:33       ` Mark H Weaver
2021-04-22  5:02         ` Raghav Gururajan
2021-04-22 17:21       ` Mark H Weaver
2021-04-22 17:40         ` Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes) Mark H Weaver
2021-04-22 20:06           ` Léo Le Bouter
2021-04-22 21:24             ` Ricardo Wurmus
2021-04-22 21:33             ` Mark H Weaver
2021-04-26 17:17               ` Ludovic Courtès
2021-04-28 16:43                 ` Criticisms of my "tone" " Mark H Weaver
2021-04-28 17:55                   ` Leo Famulari
2021-04-28 20:24                     ` Pjotr Prins
2021-04-29  6:54                       ` Joshua Branson
2021-04-29  9:26                   ` Léo Le Bouter
2021-04-29 15:30                     ` Matias Jose Seco Baccanelli
2021-04-30  0:57                   ` aviva
2021-05-01 17:02                   ` Giovanni Biscuolo
2021-05-01 20:07                     ` Leo Prikler
2021-05-01 22:12                       ` Mark H Weaver
2021-05-01 22:54                         ` Mark H Weaver
2021-05-01 23:15                         ` Leo Prikler
2021-05-02  3:13                           ` Mark H Weaver
2021-05-02 10:31                             ` Leo Prikler
2021-05-03  9:00                               ` Mark H Weaver
2021-05-03  9:59                                 ` Leo Prikler
2021-05-03 17:00                                   ` Mark H Weaver
2021-05-02  4:17                           ` 宋文武
2021-05-02  4:31                             ` Leo Famulari
2021-05-02  6:26                               ` 宋文武
2021-05-02 15:01                             ` Leo Prikler
2021-05-02 19:29                               ` Mark H Weaver
2021-05-02 20:09                                 ` Leo Prikler
2021-05-02 21:02                                   ` Mark H Weaver
2021-05-02 21:58                                     ` Leo Prikler
2021-05-02 20:59                                 ` Ludovic Courtès
2021-05-02 21:23                                   ` Mark H Weaver
     [not found]                           ` <87czu9sr9k.fsf@outlook.com>
2021-05-02  4:33                             ` 宋文武
2021-04-22 21:51             ` Another misleading commit log " Ludovic Courtès
2021-04-22 21:49         ` A "cosmetic changes" commit that removes security fixes Raghav Gururajan
2021-04-24  8:09           ` Mark H Weaver
2021-04-30  0:58             ` aviva
2021-04-22 18:37       ` Leo Famulari
2021-04-22 18:48         ` Mark H Weaver
2021-04-22 21:50         ` Raghav Gururajan
2021-04-22  4:08     ` Mark H Weaver
2021-04-22 11:39       ` 宋文武
2021-04-22 13:28         ` Mark H Weaver
2021-04-22 20:01       ` Léo Le Bouter
2021-04-22 21:08         ` Christopher Baines
2021-04-22 21:09         ` Leo Prikler
2021-04-22 21:21         ` Mark H Weaver
2021-04-23 17:52           ` Maxim Cournoyer
2021-04-23 18:00             ` Raghav Gururajan
2021-04-23 18:38               ` Maxim Cournoyer
2021-04-23 22:06                 ` Raghav Gururajan
2021-04-23 18:50             ` Léo Le Bouter
2021-04-23 19:15               ` Leo Prikler
2021-04-23 19:18               ` Leo Famulari
2021-04-23 19:33                 ` Léo Le Bouter
2021-04-23 20:12                   ` Leo Famulari
2021-04-26 17:06                     ` Giovanni Biscuolo
2021-04-26 17:32                       ` Leo Famulari
2021-04-26 21:56                         ` Giovanni Biscuolo
2021-04-26 23:01                           ` Leo Famulari
2021-04-24  7:46                   ` Mark H Weaver
2021-04-26 14:59                     ` Léo Le Bouter
2021-04-26 15:23                       ` Tobias Geerinckx-Rice
2021-04-26 17:21                         ` Ludovic Courtès
2021-04-26 20:07                           ` Pjotr Prins
2021-04-26 17:46                         ` Léo Le Bouter [this message]
2021-04-28 15:52                           ` Marius Bakke
2021-04-29  9:13                             ` Léo Le Bouter
2021-04-29 11:46                               ` Leo Prikler
2021-04-29 11:57                                 ` Léo Le Bouter
2021-04-29 11:41                             ` Arun Isaac
2021-04-29 12:44                               ` Pierre Neidhardt
2021-04-29 14:14                                 ` Pjotr Prins
2021-04-30 17:40                                   ` Pierre Neidhardt
2021-04-30 19:56                                     ` Pjotr Prins
2021-05-01  7:23                                       ` Arun Isaac
2021-05-01 12:40                                         ` Pjotr Prins
2021-05-01  9:15                                       ` Pierre Neidhardt
2021-05-01 10:18                                         ` Yasuaki Kudo
2021-05-03  7:18                                           ` Pierre Neidhardt
2021-05-01 14:50                                     ` Giovanni Biscuolo
2021-05-03  7:25                                       ` Pierre Neidhardt
2021-05-04  2:18                                         ` Bengt Richter
2021-05-04  6:55                                           ` Pierre Neidhardt
2021-05-04 15:43                                             ` Ludovic Courtès
2021-05-06 17:18                                               ` Pierre Neidhardt
2021-04-29 16:21                               ` Arun Isaac
2021-04-26 19:31                 ` Léo Le Bouter
2021-04-27 18:10                   ` Andreas Enge
  -- strict thread matches above, loose matches on Subject: below --
2021-04-21 21:11 Mark H Weaver
2021-04-21 21:24 ` Mark H Weaver
2021-04-21 22:22   ` Tobias Geerinckx-Rice
2021-04-21 23:45   ` Raghav Gururajan
2021-04-21 22:16 ` Leo Prikler
2021-04-21 22:52   ` Leo Famulari

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c36a8dbb810f84c67dd801804dad0caef2404e65.camel@zaclys.net \
    --to=lle-bout@zaclys.net \
    --cc=guix-devel@gnu.org \
    --cc=iyzsong@gmail.com \
    --cc=leo.prikler@student.tugraz.at \
    --cc=leo@famulari.name \
    --cc=maxim.cournoyer@gmail.com \
    --cc=me@tobias.gr \
    --cc=mhw@netris.org \
    --cc=rg@raghavgururajan.name \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.