Re: A "cosmetic changes" commit that removes security fixes
From: Maxim Cournoyer
Subject: Re: A "cosmetic changes" commit that removes security fixes
Date: Fri, 23 Apr 2021 13:52:23 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hi,

Mark H Weaver <mhw@netris.org> writes:

> Hi Léo,
>
> Léo Le Bouter <lle-bout@zaclys.net> writes:
>
>> I don't share your analysis, the security fixes weren't stripped because
>> glib/cairo was also updated to latest version in subsequent commits
>> which were pushed all at once.
>
> 'glib' was updated, but 'cairo' wasn't, presumably because there's no
> newer stable release of 'cairo' to update to.

Actually, there *is* a "new" stable release available on their release
page, 1.17.2 [0]

According to NVD [1], that latest version has no known CVE [1].

Léo, could it be that you had planned to do this update, but it somehow
fell into the cracks? In any case I agree with the others that it'd
have been better to ungraft/remove patches in the same commit that
updates the software to a version that incorporates the fixes, as I'm
sure you already know: it'd have prevented this kind of situation.

I also urge you to remain calm and collaborative even in the face of
criticism; as Ricardo said, escalating things will lead us nowhere good.
Honest mistakes are made and that's no problem so long as we stand ready
to apologize for them and work together for a resolution.

I see that 宋文武 has pushed a commit
(2ab4f4c950ffa7ca40271a534cb3bed997672138) to core-updates reinstating
the security patches; thanks!

Thank you,

Maxim

[0] https://www.cairographics.org/releases/
[1] https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3:a:cairographics:cairo:-:*:*:*:*:*:*:*