Re: gunicorn and CVE-2024-1135

2024-07-17 Thread Leo Famulari
On Wed, Jul 17, 2024 at 04:08:34AM +, jgart wrote: > I provided gunicorn-next in a recent commit to master which fixes > CVE-2024-1135 but I don't have time at the moment to fix the bad gunicorn's > dependents* against gunicorn-next. I'm not sure I understand the question. Gunicorn-next cont

Re: [PATCH Cuirass 1/4] specification: Ensure name is a symbol.

2024-07-17 Thread Simon Tournier
Hi, On Mon, 17 Jun 2024 at 15:16, Ludovic Courtès wrote: > statically-typed language programmers would be > right to laugh at us here, I admit Nah because the new feature is really nice! :-) Thanks. But it remembers me one of our first in-person discussion back then on

Re: Reducing "You found a bug" reports

2024-07-17 Thread Simon Tournier
Hi, On Mon, 17 Jun 2024 at 14:59, Ludovic Courtès wrote: >> It doesn’t feel great to tell users to report a bug for things that >> aren’t bugs. They’re either closed, or never followed up on; it’s a >> poor experience on both ends. > > I agree, it’s pretty bad. > > I’m fine removing the “report

Re: Question about changing versioning for TeX Live packages

2024-07-17 Thread Simon Tournier
Hi Nicolas, Sorry if this had been answered elsewhere, I have missed it. On Sat, 15 Jun 2024 at 19:07, Nicolas Goaziou via "Development of GNU Guix and the GNU System distribution." wrote: > I'd like to change versioning for TeX Live packages. Currently, it > refers to a revision number in the

Re: gunicorn and CVE-2024-1135

2024-07-17 Thread jgart
> I'm not sure I understand the question. Gunicorn-next contains the CVE > > fix, but gunicorn does not? Is that correct? Yep, that is correct. gunicorn does not contain the fix and gunicorn-next does contain the fix.

Re: gunicorn and CVE-2024-1135

2024-07-17 Thread Leo Famulari
On Wed, Jul 17, 2024 at 09:21:53PM +, jgart wrote: > > I'm not sure I understand the question. Gunicorn-next contains the CVE > > > > fix, but gunicorn does not? Is that correct? > > Yep, that is correct. gunicorn does not contain the fix and gunicorn-next > does contain the fix. Okay. Is t

Re: gunicorn and CVE-2024-1135

2024-07-17 Thread jgart
> Okay. Is there a reason to create gunicorn-next rather than updating > > gunicorn? Hi Leo, Yes, time. Updating the packages that depend on that bad gunicorn will take time which I don't have at the moment to fix them, unfortunately. I might not be able to get to updating all those packages u

Guix in the News

2024-07-17 Thread Development of GNU Guix and the GNU System distribution.
Hi everyone, Here is an article from LWN that mentions Guix (without GNU): https://lwn.net/SubscriberLink/981124/9284136ea244d238/ Kind regards Felix