Re: Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting)

2021-04-05 Thread Maxime Devos
On Sun, 2021-04-04 at 16:14 -0400, Mark H Weaver wrote: > Maxime Devo wrote: > > * In some places we have the following pattern: > > > > [...] > I don't understand this. Why would it need to be made unconditional? I don't understand either anymore. > [...] > > At the present time, I'm more in

Re: Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting)

2021-04-04 Thread Mark H Weaver
Hi Maxime, Maxime Devos writes: > On Sun, 2021-03-28 at 18:33 -0400, Mark H Weaver wrote: >> Earlier, I wrote: >> > One thing to be very careful about is to only use 'gtk-doc/stable', >> > 'dblatex/stable', and 'imagemagick/stable' in native-inputs, and >> > moreover to make sure that no referen

Re: Needed: tooling to detect references to buggy */stable packages

2021-04-04 Thread Mark H Weaver
Hi Ludovic, Ludovic Courtès writes: > Mark H Weaver skribis: > >> It occurs to me that we will need some tooling to ensure that no >> references to these buggy "*/stable" packages end up in package outputs >> that users actually use. Otherwise, it is likely that sooner or later, >> a runtime r

Re: Needed: tooling to detect references to buggy */stable packages

2021-03-30 Thread Ludovic Courtès
Hi, Mark H Weaver skribis: > It occurs to me that we will need some tooling to ensure that no > references to these buggy "*/stable" packages end up in package outputs > that users actually use. Otherwise, it is likely that sooner or later, > a runtime reference to one of these buggy packages w

Re: Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting)

2021-03-29 Thread Ricardo Wurmus
Mark H Weaver writes: > Earlier, I wrote: >> One thing to be very careful about is to only use 'gtk-doc/stable', >> 'dblatex/stable', and 'imagemagick/stable' in native-inputs, and >> moreover to make sure that no references to these */stable packages >> remain in any package outputs. >> >> Of

Re: Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting)

2021-03-28 Thread Maxime Devos
On Sun, 2021-03-28 at 18:33 -0400, Mark H Weaver wrote: > Earlier, I wrote: > > One thing to be very careful about is to only use 'gtk-doc/stable', > > 'dblatex/stable', and 'imagemagick/stable' in native-inputs, and > > moreover to make sure that no references to these */stable packages > > remain

Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting)

2021-03-28 Thread Mark H Weaver
Earlier, I wrote: > One thing to be very careful about is to only use 'gtk-doc/stable', > 'dblatex/stable', and 'imagemagick/stable' in native-inputs, and > moreover to make sure that no references to these */stable packages > remain in any package outputs. > > Of course, if any package retains ref