> Okay. Is there a reason to create gunicorn-next rather than updating
> gunicorn?

Hi Leo,

Yes, time. Updating the packages that depend on that bad gunicorn will take 
time which I don't have at the moment to fix them, unfortunately.

I might not be able to get to updating all those packages until maybe up to 2 
or more weeks from now depending on how busy I am.

> Otherwise, Guix will not build, and we won't have successfully mitigated
> the vulnerability for our users.

Yep, I just made the gunicorn-next package available for anyone that wants to
use it, but it's not integrated into the dependents as listed by
`guix refresh -l gunicorn@20.1.0`. It is standalone.


If anyone would like to work on it before I am able to get to it, feel free.

I just thought I'd let people know here in case it is higher priority for 
anyone else.

all best,

jgart
