GNU bug report logs - #38148
Guix packages old/broken version of qutebrowser

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Florian Bruhin <me@HIDDEN>; dated Sat, 9 Nov 2019 11:26:04 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 38148 <at> debbugs.gnu.org:


Received: (at 38148) by debbugs.gnu.org; 10 Nov 2019 02:32:52 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 09 21:32:52 2019
Received: from localhost ([127.0.0.1]:50536 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iTd23-00062X-T6
	for submit <at> debbugs.gnu.org; Sat, 09 Nov 2019 21:32:52 -0500
Received: from imta-35.everyone.net ([216.200.145.35]:44198
 helo=imta-38.everyone.net)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bokr@HIDDEN>) id 1iTd21-00062P-ID
 for 38148 <at> debbugs.gnu.org; Sat, 09 Nov 2019 21:32:50 -0500
Received: from pps.filterd (omta001.sj2.proofpoint.com [127.0.0.1])
 by imta-38.everyone.net (8.16.0.27/8.16.0.27) with SMTP id xAA2WHLT021256;
 Sat, 9 Nov 2019 18:32:47 -0800
X-Eon-Originating-Account: akprTc-jZ5cqmDvvte5VLwgVqX7j5v1zpLg_YOKTpSU
X-Eon-Dm: m0116952.ppops.net
Received: by m0116952.mta.everyone.net (EON-AUTHRELAY2 - 32d0d199)
 id m0116952.5dc217cf.23e861; Sat, 9 Nov 2019 18:32:45 -0800
X-Eon-Sig: AQMHrIJdx3bNJXT9cAIAAAAD,1f7abcd10b99894047a0fa22ba81e138
X-Eip: FxVFvvnB3BvuKXIb1meMdfvlBj3LnY1y1M3tb6pzKcU
Date: Sat, 9 Nov 2019 18:32:36 -0800
From: Bengt Richter <bokr@HIDDEN>
To: Tobias Geerinckx-Rice <me@HIDDEN>
Subject: Re: bug#38148: Guix packages old/broken version of qutebrowser
Message-ID: <20191110023236.GA900@HIDDEN>
References: <20191109100530.zdfrewfmengq7pud@HIDDEN>
 <87ftix9eqa.fsf@nckx>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87ftix9eqa.fsf@nckx>
User-Agent: Mutt/1.12.1 (2019-06-15)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, ,
 definitions=2019-11-09_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
 priorityscore=1501 malwarescore=0
 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1034
 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1910280000
 definitions=main-1911100024
X-Spam-Score: -0.5 (/)
X-Debbugs-Envelope-To: 38148
Cc: Florian Bruhin <me@HIDDEN>, 38148 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Reply-To: Bengt Richter <bokr@HIDDEN>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.4 (-)

On +2019-11-09 17:49:49 +0100, Tobias Geerinckx-Rice via Bug reports for GNU Guix wrote:
> Florian,
> 
> [I'm not a regular qutebrowser user, nor maintainer — I don't think we have
> one.]
> 
> Florian Bruhin 写道:
> > I'm the upstream author of qutebrowser - it looks like Guix currently
> > packages
> > qutebrowser 0.11.0: https://guix.gnu.org/packages/qutebrowser-0.11.0/
> > 
> > That version is very outdated (July 2017, there have been 28 new
> > releases since
> > then). It has various known security issues, but currently it just
> > crashes
> > outright, because such an old version isn't compatible with Qt 5.11
> > which is
> > packaged in Guix.
> > 
> > That results in me getting crash reports around once per week - at this
> > point,
> > it'd probably be better to not package qutebrowser at all, seeing that
> > nobody
> > seems to maintain that package for a long time now.
> 
> Thank you for letting us know.  My apologies for the noise from these
> useless crash reports.
> 
> Is there a supported way to replace the default bug report URL with our own?
> 
> If not, I could patch qutebrowser to pop up a dialogue with our bug tracker
> (e-mail) address instead.  The crash report itself would likely be lost.
> 
> I've tried qutebrowser 1.8.1 with QtWebKit and it runs, but then freezes (@
> 0% CPU) after some minutes.  I had to SIGKILL it. However, so does 0.11.0.
> 
> I'll try to get it to run, and hopefully the state of qutebrowser's
> dependencies in Guix will improve as well.
> 
> Kind regards,
> 
> T G-R

On reading the above, I wonder if we can invent a useful measure of
"runs" vs "works" vs "crashes" that could automatically be visible
in "guix show whatever-package".

I mean, there is a huge difference in confidence (at least on my part :)
between knowing that two developers have successfuly built and run a package
for the first time after refurbishing some orphan package vs knowing that
a thousand users have been using a tool many times daily for months without problems.

Could packages be instrumented with a simple invocation-with-normal/abnormal-exit
counter intialized on install, that could be voluntarily submitted to
some guix email addrress for automatic reliability-score update that
guix show whatever-package then accesses and presents?

Some finer-grain reporting would problably be desirable for packages that
install many executables.

A service could be enabled to send reports periodically for a list of packages
in use by a particular user, at the user's opt-in option of course.

I guess you'd have to have some guard against robo-shill-bots pumping
successful-use scores, but WDYT of the general idea?

Maybe also a count of historical CVE's against any inputs to the package build?
Well, the imagination rambles, but maybe something simple to start with could
test the usefulness?
-- 
Regards,
Bengt Richter




Information forwarded to bug-guix@HIDDEN:
bug#38148; Package guix. Full text available.

Message received at 38148 <at> debbugs.gnu.org:


Received: (at 38148) by debbugs.gnu.org; 9 Nov 2019 16:50:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 09 11:50:00 2019
Received: from localhost ([127.0.0.1]:50202 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iTTw0-00069V-GH
	for submit <at> debbugs.gnu.org; Sat, 09 Nov 2019 11:50:00 -0500
Received: from tobias.gr ([80.241.217.52]:53118)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1iTTvx-00069J-WA
 for 38148 <at> debbugs.gnu.org; Sat, 09 Nov 2019 11:49:59 -0500
Received: by tobias.gr (OpenSMTPD) with ESMTP id 9d6804d9;
 Sat, 9 Nov 2019 16:49:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tobias.gr; h=from:to:cc
 :subject:references:in-reply-to:date:message-id:mime-version
 :content-type; s=2018; i=me@HIDDEN; bh=wcH0PetOejGPaANQ3FkKKc
 fV1E3vpJU3JOt/TxpyAQQ=; b=KopZWH/BpZbM6UdPKTpgVqNhQ6UCpV6fkZEgJg
 NRyfHuK9rzUwjzBZdWIzoGvC9ACW0oYSbNdDE0rd3BDlahkG+P1VOi1F2ph7mhq/
 EKT9Nxp7eAC8XFApLyptlCkvcfDnoXqJ08AwIeeB//C/eYfFtnjb30KQxGS3mzv0
 Tgza7lQfcLka3fJ/vTPX55NTQurz/FKz3eNMFYzfx/zWByiWHlj3GYXzkagXevYB
 Z0hNykoZWaBlztylrmYvWVZ0TDsa3nhzv2UozgU8dwAteyM9+0e6Njru5NmNvLeA
 uhB/9c8REgD1UH7Qhk8TNBkJSe1IKz2GK0fCac7QPa9odC8A==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 09e00694
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); 
 Sat, 9 Nov 2019 16:49:54 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
To: Florian Bruhin <me@HIDDEN>
Subject: Re: bug#38148: Guix packages old/broken version of qutebrowser
References: <20191109100530.zdfrewfmengq7pud@HIDDEN>
In-reply-to: <20191109100530.zdfrewfmengq7pud@HIDDEN>
Date: Sat, 09 Nov 2019 17:49:49 +0100
Message-ID: <87ftix9eqa.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 38148
Cc: 38148 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Florian,

[I'm not a regular qutebrowser user, nor maintainer =E2=80=94 I don't=20
think we have one.]

Florian Bruhin =E5=86=99=E9=81=93=EF=BC=9A
> I'm the upstream author of qutebrowser - it looks like Guix=20
> currently packages
> qutebrowser 0.11.0:=20
> https://guix.gnu.org/packages/qutebrowser-0.11.0/
>
> That version is very outdated (July 2017, there have been 28 new=20
> releases since
> then). It has various known security issues, but currently it=20
> just crashes
> outright, because such an old version isn't compatible with Qt=20
> 5.11 which is
> packaged in Guix.
>
> That results in me getting crash reports around once per week -=20
> at this point,
> it'd probably be better to not package qutebrowser at all,=20
> seeing that nobody
> seems to maintain that package for a long time now.

Thank you for letting us know.  My apologies for the noise from=20
these useless crash reports.

Is there a supported way to replace the default bug report URL=20
with our own?

If not, I could patch qutebrowser to pop up a dialogue with our=20
bug tracker (e-mail) address instead.  The crash report itself=20
would likely be lost.

I've tried qutebrowser 1.8.1 with QtWebKit and it runs, but then=20
freezes (@ 0% CPU) after some minutes.  I had to SIGKILL it.=20
However, so does 0.11.0.

I'll try to get it to run, and hopefully the state of=20
qutebrowser's dependencies in Guix will improve as well.

Kind regards,

T G-R

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfo+u0AlEeO9y5k0W2Imw8BjFSTwFAl3G7i0ACgkQ2Imw8BjF
STwmCg//areiHAe++JpbOXDi5CjWsuZHFDd+HNqCyWZLMRXVGg3CO113YZIaFQcU
5FXvBDjlzPcT9chOIt1GsBkTWRdrDPRkYX4WNBFcJcZrfKLLsfHzFWHucCNKZbFB
lkSE1sVClH9LpimJghEQ8+HkSSwhOe0CNmfjj1Dj4tVKiVXDv1k+zaDgoX4NN8FP
eAHjLUmuhci7PL4Dd5mk6hA8jIt/P8w/FUXQzhaXs5t7wxdlwY4vmTQzhA6UkBQU
BkrpUWwzl5xZt3H6OGYXLfpto2ajDKLuXfdvCJTyfhlpbB2+7837UEAiaNhVWGnZ
cCJvM4Ibl7M+QJdYJBUQlNQlirwlCyzO8xdX5TJvtI6CsQRNe3V2qet0ynAWjMAS
ykU/2aGYvZuTQ7TfXrdl485uMcAfAzgWvy87cLjzcMryv1Ca078/Ohp01IX3mz3j
juL/2lwJ0yhRv5HtSQ4bV7jffnpR/64ZzRNp1dZyrge7RkGmUGIHiZUwrnVD2I08
b/PLMoCSkvnMbhAL7tT1yR9foxTVADeQsxbfBl6Hp9bUFzzPMvMQZYrXoH3LGelO
ltz2iXIy3XpPyE8s9wGdOeoFKt8xDkEdfr32MMw0w9ZW3NYwdRHDrRGc8c7FsTJl
HjdmT4fJB26au7FaFJUsucfpGR3GZVr0uYOBg1+kYoB3yul+by0=
=wosX
-----END PGP SIGNATURE-----
--=-=-=--




Information forwarded to bug-guix@HIDDEN:
bug#38148; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 9 Nov 2019 11:25:31 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 09 06:25:31 2019
Received: from localhost ([127.0.0.1]:48293 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1iTOrx-0001ul-T3
	for submit <at> debbugs.gnu.org; Sat, 09 Nov 2019 06:25:30 -0500
Received: from lists.gnu.org ([209.51.188.17]:41939)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1iTNch-0008Fk-70
 for submit <at> debbugs.gnu.org; Sat, 09 Nov 2019 05:05:39 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:46963)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <me@HIDDEN>) id 1iTNcg-0000mO-0G
 for bug-guix@HIDDEN; Sat, 09 Nov 2019 05:05:39 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled
 version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <me@HIDDEN>) id 1iTNce-0000R5-68
 for bug-guix@HIDDEN; Sat, 09 Nov 2019 05:05:37 -0500
Received: from menkent.uberspace.de ([185.26.156.18]:57906)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <me@HIDDEN>) id 1iTNcd-0000Q2-SM
 for bug-guix@HIDDEN; Sat, 09 Nov 2019 05:05:36 -0500
Received: (qmail 19156 invoked from network); 9 Nov 2019 10:05:32 -0000
Received: from localhost (HELO hooch.localdomain) (127.0.0.1)
 by menkent.uberspace.de with SMTP; 9 Nov 2019 10:05:32 -0000
Date: Sat, 9 Nov 2019 11:05:30 +0100
From: Florian Bruhin <me@HIDDEN>
To: bug-guix@HIDDEN
Subject: Guix packages old/broken version of qutebrowser
Message-ID: <20191109100530.zdfrewfmengq7pud@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="buappeeqvazrpqhh"
Content-Disposition: inline
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 185.26.156.18
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Sat, 09 Nov 2019 06:25:27 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)


--buappeeqvazrpqhh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I'm the upstream author of qutebrowser - it looks like Guix currently packa=
ges
qutebrowser 0.11.0: https://guix.gnu.org/packages/qutebrowser-0.11.0/

That version is very outdated (July 2017, there have been 28 new releases s=
ince
then). It has various known security issues, but currently it just crashes
outright, because such an old version isn't compatible with Qt 5.11 which is
packaged in Guix.

That results in me getting crash reports around once per week - at this poi=
nt,
it'd probably be better to not package qutebrowser at all, seeing that nobo=
dy
seems to maintain that package for a long time now.

Florian

--=20
https://www.qutebrowser.org | me@HIDDEN (Mail/XMPP)
   GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc
         I love long mails! | https://email.is-not-s.ms/

--buappeeqvazrpqhh
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE4E5WAAJAG47w528KkW6wyP1VoHIFAl3Gj2cACgkQkW6wyP1V
oHJMNBAAqPiw7LjQnuRQPqR2xWvTDsc97kmFEeCWP9PhL++VpaqcSWOXhM5ngskm
Ybw8envr+1jS6/PuVB/E3ecKxX41TEDmSU1RJ6Y5/78GTTDU7qFjPNDVFiFvN/Mv
09MzkxDk0F3dYPwCni8axt4y+1Q8XlO4i6tWSHRSJ/sheO8ztT6xBkv9mau8jw8y
nkjqwVWRkroqi1Vr32hTNc1PH8Oejg9sSPah+IvaPW6vpXv7+YPXb2OlPrBrJL+x
XFn5nL+4SkltFIvMi5xDGQfoyOqLAqnW31lfB4rs24dcDhQZyCpHDWWaE0WenOCZ
M/BVCjFPy4n92uwAWEHgMsmozqK6HwnGY1E/+J/t9+WKlHjuRI3NtqPadXg7cPI9
2R95Wc3PdLinqCS9/8ynotq+5jkp3g4I+CQLtZbTxGjHYSEpw27seHvWGVQWTM9m
05MDgfiGQUm5w7y5JezmhVpOgQWAUJ21fmeA22LrDt9a9HfMB5TY87NsJWP/M8CW
1IG7cJlILob6N3kXlTNIAU45jEUXONUNTY2pDT/MKEE43XdP5kiA75SIQ+9BF3fM
iTY+UnOuGTT1sRgIJKZFpbuArUy33VI1UEg4e+Rpz/x7F+/bPTgJTXOtWQhKsqcB
sMHukSfb8p/P9wJU6Glldaqon0mY6MCUYRA6xdchvMaPq6YprKE=
=DiqZ
-----END PGP SIGNATURE-----

--buappeeqvazrpqhh--




Acknowledgement sent to Florian Bruhin <me@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#38148; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Mon, 25 Nov 2019 12:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.