Package: guix Severity: grave Tags: patch Hi,
The blind update of Hanwen's go-fuse to 2.7.2 [1] broke Gocryptfs. [2] I have a working patch, which will appear here shortly. As a general note, I disagree with Guix's stance to diverge from go.mod when present. I spent several hours tracking down the error and testing the fix (not to mention bothering upstream) for nothing. It should have never happened Meanwhile, I was unable to log in. [3] It is a gross overestimation that the Go team can outsmart upstream developers who provide a specific list of prerequisites. It's also an error because packaging Goland prerequisites---if one can call it that---involves no more than tarring up source files. That step has few prerequisites and rebuids are rare. Multiple source versions do not burden the substitute servers. The security argument is likewise bogus, as this bug shows. Any changes to the prerequisites should be submitted upstream (or be patched when upstream is unresponsive). There are several ways to implement prerequisite tracking: Maybe it's switching package variables to functions that pull the correct version (or commit). The consuming package definition should then be generated from go.mod when present. Thanks! Kind regards Felix P.S. Sharlatan, thanks for fixing Bug#71795! [1] https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d12c7edb32e3a3b2f57e8afee7ddcf4f7015363e [2] https://github.com/rfjakob/gocryptfs/issues/897 [3] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=76105#11
