bug#47144: [PATCH 3/3] gnu: patch: Graft to latest commit [security fixe
From: Maxim Cournoyer
Subject: bug#47144: [PATCH 3/3] gnu: patch: Graft to latest commit [security fixes].
Date: Sat, 01 Jun 2024 11:02:49 -0400
User-agent: Gnus/5.13 (Gnus v5.13)
Hi Ludovic,
Ludovic Courtès <ludo@gnu.org> writes:
> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> (define-public patch
>> (package
>> + (replacement patch/fixed)
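Review bot: the added `(replacement patch/fixed)` field has no comment saying which security fixes the graft is meant to deliver or which commit `patch/fixed` tracks. Add a short comment above the field naming them, and confirm that `patch/fixed` is defined in the same file, since its definition is not visible in this excerpt.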
>
> Unless I’m mistaken, this will have practically no effect because Patch
> is a build-time-only dependency.
>
> My recommendation would be to not add a ‘replacement’ field at all.
> Instead, you could add a new ‘patch/latest’ public variable pointing to
> that commit that you picked. That way, users running ‘guix install
> patch’ or similar will get the latest version of Patch.
I see what you mean, but for all practical purposes, using a graft seems
a more thorough (because it affects the original 'patch' *variable* as
well) means that has the same effect for users, so it seems like a
slightly better option to me.

So e.g. someone using the Guix API referring exactly to the 'patch'
package variable would get a secure version, but would otherwise need to
know to adjust their code to use 'patch/latest'.

Does that make sense?
--
Thanks,
Maxim