Re: A "cosmetic changes" commit that removes security fixes

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A "cosmetic changes" commit that removes security fixes

From:	Mark H Weaver
Subject:	Re: A "cosmetic changes" commit that removes security fixes
Date:	Wed, 21 Apr 2021 22:41:49 -0400

Hi Raghav,

Raghav Gururajan <rg@raghavgururajan.name> writes:

>> Raghav Gururajan has pushed another misleading "cosmetic changes"
>> commit.
[...]
>> This one is *far* worse than the examples I gave before.
>> This one removes the security fixes for CVE-2018-19876 and
>> cairo-CVE-2020-35492 that I had applied in commit
>> bc16eacc99e801ac30cbe2aa649a2be3ca5c102a.
>
> The commit is not new. I cherry-picked from core-updates 
> (993de472ed3dfe90e1c4110b6b910c1f74d243ff), which was pushed as a part 
> of #42958.
>
>> Behold, Raghav's "cosmetic changes" to our 'cairo' package:
> The commit is also not new. I cherry-picked from core-updates 
> (f94cdc86f644984ca83164d40b17e7eed6e22091), which was pushed as a part 
> of #42958.

Those commits on 'core-updates' were digitally signed by Léo Le Bouter
<lle-bout@zaclys.net> and have the same problems: they remove security
fixes, and yet the summary lines indicate that only "cosmetic changes"
were made.

I'm sorry to say that your responses have done nothing to allay my
concerns.

       Mark

[Prev in Thread]

Current Thread

[Next in Thread]

A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/21
- Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/21
  - Re: A "cosmetic changes" commit that removes security fixes, Tobias Geerinckx-Rice, 2021/04/21
  - Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/21
- Re: A "cosmetic changes" commit that removes security fixes, Leo Prikler, 2021/04/21
  - Re: A "cosmetic changes" commit that removes security fixes, Leo Famulari, 2021/04/21
- Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/21
  - Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver <=
    - Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/21
    - Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/22
    - Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/22
    - Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/22
    - Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/22
    - Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Mark H Weaver, 2021/04/22
    - Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Léo Le Bouter, 2021/04/22
    - Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Ricardo Wurmus, 2021/04/22
    - Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Mark H Weaver, 2021/04/22
    - Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Ludovic Courtès, 2021/04/26

Prev by Date: Re: Best practices for writing services
Next by Date: Re: A "cosmetic changes" commit that removes security fixes
Previous by thread: Re: A "cosmetic changes" commit that removes security fixes
Next by thread: Re: A "cosmetic changes" commit that removes security fixes
Index(es):
- Date
- Thread