[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A "cosmetic changes" commit that removes security fixes
From: |
Mark H Weaver |
Subject: |
Re: A "cosmetic changes" commit that removes security fixes |
Date: |
Wed, 21 Apr 2021 22:41:49 -0400 |
Hi Raghav,
Raghav Gururajan <rg@raghavgururajan.name> writes:
>> Raghav Gururajan has pushed another misleading "cosmetic changes"
>> commit.
[...]
>> This one is *far* worse than the examples I gave before.
>> This one removes the security fixes for CVE-2018-19876 and
>> cairo-CVE-2020-35492 that I had applied in commit
>> bc16eacc99e801ac30cbe2aa649a2be3ca5c102a.
>
> The commit is not new. I cherry-picked from core-updates
> (993de472ed3dfe90e1c4110b6b910c1f74d243ff), which was pushed as a part
> of #42958.
>
>> Behold, Raghav's "cosmetic changes" to our 'cairo' package:
> The commit is also not new. I cherry-picked from core-updates
> (f94cdc86f644984ca83164d40b17e7eed6e22091), which was pushed as a part
> of #42958.
Those commits on 'core-updates' were digitally signed by Léo Le Bouter
<lle-bout@zaclys.net> and have the same problems: they remove security
fixes, and yet the summary lines indicate that only "cosmetic changes"
were made.
I'm sorry to say that your responses have done nothing to allay my
concerns.
Mark
- A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/21
- Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/21
- Re: A "cosmetic changes" commit that removes security fixes,
Mark H Weaver <=
- Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/22
- Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Mark H Weaver, 2021/04/22
- Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Léo Le Bouter, 2021/04/22
- Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Ricardo Wurmus, 2021/04/22
- Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Mark H Weaver, 2021/04/22
- Re: Another misleading commit log (was Re: A "cosmetic changes" commit that removes security fixes), Ludovic Courtès, 2021/04/26