[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A "cosmetic changes" commit that removes security fixes
From: |
Mark H Weaver |
Subject: |
Re: A "cosmetic changes" commit that removes security fixes |
Date: |
Thu, 22 Apr 2021 17:21:41 -0400 |
Hi Léo,
Léo Le Bouter <lle-bout@zaclys.net> writes:
> I don't share your analysis, the security fixes werent stripped because
> glib/cairo was also updated to latest version in subsequent commits
> which were pushed all at once.
'glib' was updated, but 'cairo' wasn't, presumably because there's no
newer stable release of 'cairo' to update to.
> Careful review was done, and that's why I signed-off and GPG-signed the
> commits. Nobody was put at risk by these commits and no security fixes
> were stripped.
Those are bold claims, given the contents of our git repository.
Here's Raghav's commit on the 'core-updates' branch, which bears your
digital signature (according to my 'git' client), where the security
fixes for CVE-2018-19876 and CVE-2020-35492 were removed, in a commit
whose summary line is "gnu: cairo: Make some cosmetic changes":
https://git.sv.gnu.org/cgit/guix.git/commit/?h=core-updates&id=f94cdc86f644984ca83164d40b17e7eed6e22091
I have two questions for you:
(1) Do you deny that you digitally signed that commit?
(2) Do you deny that there's anything wrong with that commit?
Thanks,
Mark
--
Support Richard Stallman against the vicious misinformation campaign
against him and the FSF. See <https://stallmansupport.org> for more.
- Re: A "cosmetic changes" commit that removes security fixes, (continued)
- Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/22
- Re: A "cosmetic changes" commit that removes security fixes, 宋文武, 2021/04/22
- Re: A "cosmetic changes" commit that removes security fixes, Mark H Weaver, 2021/04/22
- Re: A "cosmetic changes" commit that removes security fixes, Léo Le Bouter, 2021/04/22
- Re: A "cosmetic changes" commit that removes security fixes, Christopher Baines, 2021/04/22
- Re: A "cosmetic changes" commit that removes security fixes, Leo Prikler, 2021/04/22
- Re: A "cosmetic changes" commit that removes security fixes,
Mark H Weaver <=
- Re: A "cosmetic changes" commit that removes security fixes, Maxim Cournoyer, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Maxim Cournoyer, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Raghav Gururajan, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Léo Le Bouter, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Leo Prikler, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Leo Famulari, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Léo Le Bouter, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Leo Famulari, 2021/04/23
- Re: A "cosmetic changes" commit that removes security fixes, Giovanni Biscuolo, 2021/04/26