Hello Christopher.

Christopher Baines <m...@cbaines.net> writes:
> Had the changes waited for longer, then these failures should have been
> spotted by QA, I would guess that the revision might have failed to be
> processed, and if it was processed successfully, the nss failures should
> have shown up, so maybe we should start requiring [5] that not only are
> changes sent to guix-patc...@gnu.org, but that QA processes them (to
> some extent) before merging?
>
> 5: 
> https://guix.gnu.org/manual/devel/en/html_node/Managing-Patches-and-Branches.html#

Yes, though note that the nss change did provide security fixes:

commit e584ff08b162c46ef587daca438e97d56bc20b32
Author: Maxim Cournoyer <maxim.courno...@gmail.com>
Date:   Wed Apr 24 11:22:30 2024 -0400

    gnu: nss: Graft with version 3.98 [security fixes].
    
    This fixes CVE-2023-5388, CVE-2023-6135 and CVE-2024-0743.
    
    * gnu/packages/nss.scm (nss) [replacement]: New field.
    (nss-3.98): Rename variable to...
    (nss/fixed): ... this.  Make it a hidden package.
    * gnu/packages/librewolf.scm (librewolf) [inputs]: Replace nss-3.98 with
    nss/fixed.
    
    Change-Id: I8cc667c53a270dfe00738bf731923f1342036624

I suppose the requirement to wait for QA should apply to security fixes
as well?

Thank you for all your work.

Regards,
Florian
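
As an added illustration of the graft pattern named in the commit message above (the "replacement" field, a hidden "/fixed" variant that inherits from the original), here is example code written for this page. It is not the contents of gnu/packages/nss.scm or any other Guix module; the version strings, tarball URLs, hash values, home page and description are placeholders.

```scheme
;; Illustrative Guix graft written for this page; NOT gnu/packages/nss.scm.
;; Versions, tarball URLs, the hash and the metadata below are placeholders.
(define-module (example nss-graft)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix licenses)
  #:use-module (guix build-system gnu))

(define-public nss
  (package
    (name "nss")
    (version "3.88")                         ; placeholder: the version dependents were built against
    (source (origin
              (method url-fetch)
              (uri "https://example.invalid/nss-3.88.tar.gz")   ; placeholder
              (sha256
               (base32
                "0000000000000000000000000000000000000000000000000000"))))  ; placeholder
    (build-system gnu-build-system)
    ;; 'replacement' is what makes this a graft: packages that depend on nss
    ;; are not rebuilt; instead, references to this package's store path are
    ;; rewritten to point at the store path of nss/fixed.  The field is
    ;; thunked, so referring to nss/fixed before it is defined is fine.
    (replacement nss/fixed)
    (home-page "https://example.invalid/nss")                ; placeholder
    (synopsis "Network Security Services (illustrative)")
    (description "Placeholder description for the example.")
    (license mpl2.0)))

(define-public nss/fixed
  ;; hidden-package keeps the variant out of 'guix package -s' and similar
  ;; listings, so users keep installing 'nss' and receive the graft.
  (hidden-package
   (package
     (inherit nss)
     (version "3.98")                        ; placeholder for the fixed release
     (source (origin
               (method url-fetch)
               (uri "https://example.invalid/nss-3.98.tar.gz")  ; placeholder
               (sha256
                (base32
                 "0000000000000000000000000000000000000000000000000000")))))))  ; placeholder
```

Two practical notes on this pattern. First, because a graft substitutes one store path for another without rebuilding dependents, the replacement must be ABI-compatible with the original; a graft is a rewrite of references, not a rebuild, so incompatible changes only surface at run time. Second, `guix build nss` yields the grafted output while `guix build --no-grafts nss` yields the original, which is a quick way to confirm that the replacement is actually being applied before merging.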