Leo Famulari <l...@famulari.name> skribis: > On Thu, Nov 03, 2016 at 10:17:18PM -0500, Eric Bavier wrote: >> On Thu, 03 Nov 2016 18:54:55 -0400 >> Kei Kebreau <k...@openmailbox.org> wrote: >> >> > From b837111e3ddf406a3b9235538f63af678e3ac741 Mon Sep 17 00:00:00 2001 >> > From: Kei Kebreau <k...@openmailbox.org> >> > Date: Thu, 3 Nov 2016 17:58:48 -0400 >> > Subject: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of >> > w3m. >> > >> > Fixes some security issues seen here: >> > <http://www.openwall.com/lists/oss-security/2016/11/03/3> >> > >> > * gnu/packages/patches/w3m-upstream-20120522.patch: New file. >> > * gnu/packages/patches/w3m-debian-updates.patch: New file. >> > * gnu/packages/w3m.scm (w3m): Switch to Debian's actively maintained >> > fork of w3m. >> > [source]: Use Debian's tarball and patches. Remove obsolete patches. >> > [arguments]: Remove unnecessary modification of %standard-phases. >> > * gnu/local.mk (dist_patch_DATA): Register new patches. Remove obsolete >> > patches. >> > --- >> > gnu/local.mk | 6 +- >> > gnu/packages/patches/w3m-debian-updates.patch | 28498 >> > +++++++++++++++++++ >> >> So theirs is the only actively maintained version of w3m and all they >> can provide is a 28.5 thousand line patch? No VCS repository? There >> must be some point at which it would be better for us to fetch the >> patch in an origin rather than importing it into our repo. > > I think we build from their Git repo: > > https://anonscm.debian.org/cgit/collab-maint/w3m.git > > They even offer non-Debian-ized release tags, such as > <v0.5.3+git20161031>.
Then we should use that instead of importing all the patches in our own repo, IMO. Kei: would that work for you? Thanks, Ludo’.
