guix-devel


Re: Why [bug#47081] Remove mongodb?


From: zimoun
Subject: Re: Why [bug#47081] Remove mongodb?
Date: Wed, 17 Mar 2021 22:24:09 +0100

On Wed, 17 Mar 2021 at 20:11, Léo Le Bouter <lle-bout@zaclys.net> wrote:
> On Wed, 2021-03-17 at 19:51 +0100, zimoun wrote:
>> It shows exactly my point.  The correct and polite way of doing the
>> thing is first to examine the issue at hand (3.4.10 is old with
>> security vulnerabilities), then propose a fix (e.g., the removal),
>> wait for feedback, and complete.
>
> Actually we did not know pushing a security fix with 3.4.24 was not
> fine, from quick auditing I have made 3.4.24 would still be under AGPL
> so it would be fine to upgrade, turns out not since some files inside
> are under SSPL but that was discovered way later, even when Efraim had

Later means here only hours.

> doubt and reverted my commit we had a debate and Efraim bought my
> arguing even though I was wrong and they were right, if for every
> security issue I have to ask feedback I may not ship them in a timely
> manner, so that's also why they tend to be pushed faster than usual..

Haste is not speed.

> we may want to establish a clear process here. I usually create issues
> for things I need help on, if I can do it myself and feel confident, I
> just push, I can be wrong of course and always sorry for issues, I fix
> them shortly in next commits if any.

I really appreciate your valuable work. I have the impression you think
that you have to push as fast as you can, whether or not it is the right
fix.  If I might, first please avoid burning out and second do not
worry, the world will not explode because of a security vulnerability in
Guix.  Maybe one day when Guix dominates the world, soon! :-)

I am not convinced that the regular Guix user is upgrading their package
set twice a day; maybe once a week at best and more probably from time
to time.  Guix is rooted in The Right Thing™ and sometimes it means a
delay to think about what the right thing really is.  Therefore, the
process is already clear: go via guix-patch for non-trivial changes and
wait for feedback.

At the end, I cannot express better what Tobias wrote:

   <https://yhetil.org/guix/87ft0un7ma.fsf@nckx>

or Leo:

   <https://yhetil.org/guix/YFEDt/PUd2ZeC6/F@jasmine.lan>
   

All the best,
simon



