|
From: | Raghav Gururajan |
Subject: | Re: A "cosmetic changes" commit that removes security fixes |
Date: | Wed, 21 Apr 2021 23:17:30 -0400 |
Hi Mark!
Those commits on 'core-updates' were digitally signed by Léo Le Bouter <lle-bout@zaclys.net> and have the same problems: they remove security fixes, and yet the summary lines indicate that only "cosmetic changes" were made.
Yeah, the commit title didn't mention the change but the commit message did.
I'm sorry to say that your responses have done nothing to allay my concerns.
For glib, IIRC, we updated package to latest version and guix lint didn't show any more CVEs. Also, I think the change was added as part of the cosmetic change commit, to cleanly apply succeeding patches.
For cairo, let me get back to you. Regards, RG.
OpenPGP_signature
Description: OpenPGP digital signature
[Prev in Thread] | Current Thread | [Next in Thread] |