[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & C
From: |
Josselin Poiret |
Subject: |
[bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946]. |
Date: |
Sat, 04 Mar 2023 11:30:57 +0100 |
Hi Leo,
Leo Famulari <leo@famulari.name> writes:
> That's not a significant number of packages.
>
> Overall, git and git-minimal will cause more than 300 rebuilds, but not
> too many for the current state of the build farm.
>
> Concretely, why can't we push this to master immediately?
`guix refresh` is not great for core packages: it only detects things
that depend on other packages through inputs. Here though, git is used
indirectly by git-fetch origins, and would affect the dependency graph a
lot more. I think this should be grafted to avoid too many rebuilds,
and ungrafted on core-updates (maybe now, maybe after the big
core-updates merge).
Best,
--
Josselin Poiret
signature.asc
Description: PGP signature
[bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946]., Simon Tournier, 2023/03/04