GNU bug report logs - #40478
feature request/idea: guix pull --news should show information about new package replacements

Previous Next

Package: guix;

Reported by: Jack Hill <jackhill <at> jackhill.us>

Date: Tue, 7 Apr 2020 01:18:02 UTC

Severity: wishlist

To reply to this bug, email your comments to 40478 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#40478; Package guix. (Tue, 07 Apr 2020 01:18:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Jack Hill <jackhill <at> jackhill.us>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 07 Apr 2020 01:18:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jack Hill <jackhill <at> jackhill.us>
To: bug-guix <at> gnu.org
Subject: feature request/idea: guix pull --news should show information about
 new package replacements
Date: Mon, 6 Apr 2020 21:17:17 -0400 (EDT)

[Message part 1 (text/plain, inline)]
Hi Guix,

I'm an avid reader of `guix pull --news`. I like learning about new and 
updated software. However, I noticed that when a package gains a new 
replacement (e.g. for a security fix via grafting), it is not mentioned. 
We do not show all changes to package definitions in the new, but since a 
new replacement is often for a security fix, I think it is significant 
enough to warrant showing in the news. I'm imagining something like:

"""
n packages with new replacements: gnutls, …
"""

or perhaps:

"""
n packages with new grafts: libxml, …
"""

I haven't yet though about the implementation of this. I would want to 
avoid doing too much extra work for `guix pull --news`.

What do you think?

Best,
Jack
Information forwarded to bug-guix <at> gnu.org:
bug#40478; Package guix. (Tue, 07 Apr 2020 09:55:02 GMT) Full text and rfc822 format available.

Message #8 received at 40478 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Jack Hill <jackhill <at> jackhill.us>
Cc: 40478 <at> debbugs.gnu.org
Subject: Re: bug#40478: feature request/idea: guix pull --news should show
 information about new package replacements
Date: Tue, 07 Apr 2020 11:54:24 +0200

Hi,

Jack Hill <jackhill <at> jackhill.us> skribis:

> I'm an avid reader of `guix pull --news`. I like learning about new
> and updated software. However, I noticed that when a package gains a
> new replacement (e.g. for a security fix via grafting), it is not
> mentioned. We do not show all changes to package definitions in the
> new, but since a new replacement is often for a security fix, I think
> it is significant enough to warrant showing in the news. I'm imagining
> something like:
>
> """
> n packages with new replacements: gnutls, …
> """
>
> or perhaps:
>
> """
> n packages with new grafts: libxml, …
> """
>
> I haven't yet though about the implementation of this. I would want to
> avoid doing too much extra work for `guix pull --news`.
>
> What do you think?

I think it’s a great idea!

It would be even better if the message were higher-level:

  The following security issues were fixed:
    CVE-XYZ (gnutls), CVE-123 (icecat), etc.

The (guix cve) module would come in handy but it would be hard to
implement efficiently, I think.

Ludo’.
This bug report was last modified 4 years and 290 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.