[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A "cosmetic changes" commit that removes security fixes
From: |
Raghav Gururajan |
Subject: |
Re: A "cosmetic changes" commit that removes security fixes |
Date: |
Wed, 21 Apr 2021 20:58:30 -0400 |
Hi Mark!
Raghav Gururajan has pushed another misleading "cosmetic changes"
commit.
When you brought-up the concern
(https://lists.gnu.org/archive/html/guix-devel/2020-12/msg00008.html),
which I am grateful for, I have worked myself to prevent that from
happening. It was so hard for me provided that I suffer from OCD
(clinically-diagnosed and being treated for). I never made single "Make
cosmetic changes" patches after that discussion. These two patches you
are referring to, was made even before our discussion, as a part of
wip-desktop work. The patches were pushed to core-updates as a part of
#42958. Also, during review, I clearly stated about these two cosmetic
changes patches, in this message (https://issues.guix.gnu.org/42958#64).
This one is *far* worse than the examples I gave before.
This one removes the security fixes for CVE-2018-19876 and
cairo-CVE-2020-35492 that I had applied in commit
bc16eacc99e801ac30cbe2aa649a2be3ca5c102a.
The commit is not new. I cherry-picked from core-updates
(993de472ed3dfe90e1c4110b6b910c1f74d243ff), which was pushed as a part
of #42958.
Behold, Raghav's "cosmetic changes" to our 'cairo' package:
The commit is also not new. I cherry-picked from core-updates
(f94cdc86f644984ca83164d40b17e7eed6e22091), which was pushed as a part
of #42958.
NOTE:
When I format-patched these patches, initially (42958), did not contain
changes to remove CVE. IIRC, when Leo and I were working outside of
savannah, this change was probably added when we updated glib to latest
version.
With this in mind, does anyone else find it worrisome that Raghav has
commit access?
I wish you had given me the benefit of the doubt.
Regards,
RG.
OpenPGP_signature
Description: OpenPGP digital signature
- A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/21
- Re: A "cosmetic changes" commit that removes security fixes,
Raghav Gururajan <=
- Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/21
- Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/22
- Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Mark H Weaver, 2021/04/22
- Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Léo Le Bouter, 2021/04/22
- Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Ricardo Wurmus, 2021/04/22
- Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Mark H Weaver, 2021/04/22