Ouch, removal of guix from Debian would hurt.  Was any of the discussion
public?  Is there any chance to find a compromise to keep the package?

The current Debian packaging is based on releases, which causes some
problems.  Another approach is to base it on recent git commits, which
ought to have security bugs fixed.  Due to the nature of how Guix is
rolling maybe handling of Guix security in Debian could be an exception?
Instead of back-porting things, just publish a new version with security
fixes.  This would be similar to how we treat Firefox if I recall
correctly.

If it would help, I can offer cycles to co-maintain Guix in Debian.
Back-porting security fixes sounds really complicated and I'm not sure I
see the point of handling Guix like that.  Are there any use-cases of
Guix via Debian that would break if we just bumped to latest upstream
version after a security problem?

/Simon
