Hi, It does seem like the security aspect played a role in delaying a quicker resolution (in the form of a revert). I haven't reviewed the severity and exploitability of the CVE that affected libxml2, but in general I think a working system should prevail over a secure system, so a quick revert would have been reasonable here still, while we were prepping the ungraft on the next branch to be merged (mesa-updates) branch.
I think we need to add more guidance for grafts in our manual also, stressing that runtime testing is necessary because grafts failures only become apparent at runtime, won't be detected by e.g. guix build -P1 gnome' (because the grafts mechanism does not happen inside a build, IIUC). We could also document when package/inherit is to be used, and detail how to test for ABI compatibility (I believe there's a tool that can do that). -- Thanks, Maxim
