Re: kdesu security update needed

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kdesu security update needed

From:	Leo Famulari
Subject:	Re: kdesu security update needed
Date:	Sat, 1 Oct 2016 12:37:57 -0400
User-agent:	Mutt/1.7.0 (2016-08-17)

On Sat, Oct 01, 2016 at 02:19:05PM +0200, Ludovic Courtès wrote:
> Leo Famulari <address@hidden> skribis:
> > An aside, the CVE linter gives false positives for grafted packages. For
> > example, try `guix lint -c cve address@hidden
> 
> That’s been annoying me for some time so I’d like to see if we can
> improve grafting in a way that would allow us to use a different version
> number in the package replacement, which in turn would allow ‘guix lint’
> to see the right version number of the replacement.

That would be nice. The current situation (with misleading package
versions) is a huge improvement over what we had before, but I think
that users should not need to understand the implementation details of
grafting to determine the version of packages.

I always figured this quirky limitation was a side-effect of rushing to
implement recursive grafting before OpenSSL 1.0.2g was released.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: kdesu security update needed, Ludovic Courtès, 2016/10/01
- Re: kdesu security update needed, David Craven, 2016/10/01
  - Re: kdesu security update needed, Ludovic Courtès, 2016/10/02
- Re: kdesu security update needed, Leo Famulari <=
  - Re: kdesu security update needed, Ludovic Courtès, 2016/10/03
    - Re: kdesu security update needed, Leo Famulari, 2016/10/03

Prev by Date: Re: propagating inputs in ghc-* packages
Next by Date: Core-updates timeline (was: Re: [PATCH 2/2] gnu: perl: Enable threading support.)
Previous by thread: Re: kdesu security update needed
Next by thread: Re: kdesu security update needed
Index(es):
- Date
- Thread