Hello Christopher.

Christopher Baines <m...@cbaines.net> writes:

> Had the changes waited for longer, then these failures should have been
> spotted by QA, I would guess that the revision might have failed to be
> processed, and if it was processed successfully, the nss failures should
> have shown up, so maybe we should start requiring [5] that not only are
> changes sent to guix-patc...@gnu.org, but that QA processes them (to
> some extent) before merging?
>
> 5:
> https://guix.gnu.org/manual/devel/en/html_node/Managing-Patches-and-Branches.html#

Yes, though note that the nss change did provide security fixes:

commit e584ff08b162c46ef587daca438e97d56bc20b32
Author: Maxim Cournoyer <maxim.courno...@gmail.com>
Date:   Wed Apr 24 11:22:30 2024 -0400

    gnu: nss: Graft with version 3.98 [security fixes].

    This fixes CVE-2023-5388, CVE-2023-6135 and CVE-2024-0743.

    * gnu/packages/nss.scm (nss) [replacement]: New field.
    (nss-3.98): Rename variable to...
    (nss/fixed): ... this.  Make it a hidden package.
    * gnu/packages/librewolf.scm (librewolf) [inputs]: Replace nss-3.98 with
    nss/fixed.

    Change-Id: I8cc667c53a270dfe00738bf731923f1342036624

I suppose the requirement to wait for QA should apply to security fixes
as well?

Thank you for all your work.

Regards,
Florian