On Wed, Jan 27, 2016 at 09:03:45PM +0100, Andreas Enge wrote: > On Wed, Jan 27, 2016 at 01:57:22PM -0500, Leo Famulari wrote: > > This patch updates curl to 7.47.0, fixing CVE-2016-0755 [0][1]. > > Ouch! > > guix refresh -l curl > Building the following 318 packages would ensure 772 dependent packages are > rebuilt > > This is about a quarter of all packages. > > > Feel free to apply the patch where appropriate. > > I would suggest the following: Quickly merge core-updates once the packages > on x86_64 are built (there are not many left, and qt-5 did build successfully > sequentially, so this could be done tomorrow), then create a new > security-updates branch with the patch for curl. > > What do you think?
Civodul and mark_weaver discussed how best to apply it on #guix. I think the plan is to build it in a branch with tomorrow's OpenSSL security update. > > Andreas >
