On 07-10-2022 11:50, Ludovic Courtès wrote:
Hi, Maxime Devos <maximede...@telenet.be> skribis:I have some unapplied security patches (from before the latest release (1.3.0) (!)) (more precisely, some patches that prepare for actually being able to write the security patches, once the preparation patches are merged, the actual security fixes should be relatively simple); I think it would be rather bad for known security fixes to not be applied for a whole release, especially given how long release cycles are in Guix.Could you provide links to these?
'These' are the ‘openat’ patches:
If they depend on ‘openat’ in Guile, that won’t be an option unfortunately since we’re not going to upgrade the ‘guile’ package during that time frame.
However, upgrading the Guile package is not required, I proposed making a separate ‘guile-with-openat’ package (= current Guile + some patches), which can then be used by the service code: <https://issues.guix.gnu.org/54485> (without world rebuilds).
Greetings, Maxime.
OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
