I don't have anything to add with respect to the process for package
removeal, but for the completeness of the thread I'd like the observe that
one of the packages that was removed (mongo-tools) was broken for over a
year: https://issues.guix.gnu.org/39637
For the reasons Efraim pointed out,
Hi Léo,
Léo Le Bouter skribis:
>> Removing a package and its services is not something to do lightly:
>> it
>> breaks user configs with no recourse.
>>
>> We must insist on getting more opinions on such matters, and I think
>> there just wasn’t enough feedback here. I understand it can be
>>
On Sun, Mar 21, 2021 at 11:15:32PM +0100, Léo Le Bouter wrote:
> Hello!
>
> > Removing a package and its services is not something to do lightly:
> > it
> > breaks user configs with no recourse.
> >
> > We must insist on getting more opinions on such matters, and I think
> > there just wasn’t
Hello!
> Removing a package and its services is not something to do lightly:
> it
> breaks user configs with no recourse.
>
> We must insist on getting more opinions on such matters, and I think
> there just wasn’t enough feedback here. I understand it can be
> frustrating to wait for input,
Hi Léo,
Léo Le Bouter skribis:
> On Wed, 2021-03-17 at 17:56 +0100, zimoun wrote:
>> If the removal for security reasons had been discussed on IRC, it
>> could
>> be nice to point the discussion here. Otherwise, open a discussion
>> on
>> the topic on guix-devel or bug-guix. The full removal
On Wed, 17 Mar 2021 at 20:11, Léo Le Bouter wrote:
> On Wed, 2021-03-17 at 19:51 +0100, zimoun wrote:
>> It shows exactly my point. The correct and polite way of doing the
>> thing is first to examine the issue at hand (3.4.10 is old with
>> security
>> vulnerabilities), then propose a fix
On Wed, 2021-03-17 at 19:51 +0100, zimoun wrote:
> It shows exactly my point. The correct and polite way of doing the
> thing is first to examine the issue at hand (3.4.10 is old with
> security
> vulnerabilities), then propose a fix (e.g., the removal), wait
> feedback,
> and complete.
Actually
The issue with 3.4.24 / 3.4.10 is that Efraim reverted the commit then
it was briefly discussed on IRC and Efraim thought I was right about
the licensing being fine on 3.4.24 and reverted their revert commit,
after some actual checking in the tarball grepping for license headers
I found out I was
On Wed, 17 Mar 2021 at 19:16, Léo Le Bouter wrote:
> On Wed, 2021-03-17 at 18:56 +0100, zimoun wrote:
>> AFAIT, 3.4.10 is released under GNU AGPL 3.0 and Apache 2.0. This
>> version had been released before the October 16th, 2018. Could you
>> point which code is non-free?
>>
>> IMHO, this
On Wed, 2021-03-17 at 18:56 +0100, zimoun wrote:
> AFAIT, 3.4.10 is released under GNU AGPL 3.0 and Apache 2.0. This
> version had been released before the October 16th, 2018. Could you
> point which code is non-free?
>
> IMHO, this claim about non-free code is wrong. The last versions
> with
On Wed, 17 Mar 2021 at 18:09, Léo Le Bouter wrote:
> On Wed, 2021-03-17 at 17:56 +0100, zimoun wrote:
>> If the removal for security reasons had been discussed on IRC, it
>> could
>> be nice to point the discussion here. Otherwise, open a discussion
>> on
>> the topic on guix-devel or bug-guix.
Sorry for duplicated email,
On Wed, 2021-03-17 at 17:56 +0100, zimoun wrote:
> If the removal for security reasons had been discussed on IRC, it
> could
> be nice to point the discussion here. Otherwise, open a discussion
> on
> the topic on guix-devel or bug-guix. The full removal is a radical
On Wed, 2021-03-17 at 17:56 +0100, zimoun wrote:
> If the removal for security reasons had been discussed on IRC, it
> could
> be nice to point the discussion here. Otherwise, open a discussion
> on
> the topic on guix-devel or bug-guix. The full removal is a radical
> solution (especially, it
Hi Léo,
On Fri, 12 Mar 2021 at 01:56, Léo Le Bouter wrote:
> mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the
> release tarball under the SSPL, therefore we cannot provide mongodb while
> upholding to good security standards.
[...]
> doc/guix.texi | 28
14 matches
Mail list logo
