feature request/idea: guix pull --news should show information about new package replacements

  • Open
Details
2 participants
  • Jack Hill
  • Ludovic Courtès
Owner
unassigned
Submitted by
Jack Hill
Severity
wishlist
Jack Hill wrote on 7 Apr 2020 03:17
(address . bug-guix@gnu.org)
alpine.DEB.2.20.2004062100080.5735@marsh.hcoop.net
Hi Guix,

I'm an avid reader of `guix pull --news`. I like learning about new and
updated software. However, I noticed that when a package gains a new
replacement (e.g. for a security fix via grafting), it is not mentioned.
We do not show all changes to package definitions in the news, but since a
new replacement is often for a security fix, I think it is significant
enough to warrant showing in the news. I'm imagining something like:

"""
n packages with new replacements: gnutls, …
"""

or perhaps:

"""
n packages with new grafts: libxml, …
"""

I haven't yet thought about the implementation of this. I would want to
avoid doing too much extra work for `guix pull --news`.

What do you think?

Best,
Jack
Ludovic Courtès wrote on 7 Apr 2020 11:54
(name . Jack Hill)(address . jackhill@jackhill.us)(address . 40478@debbugs.gnu.org)
87y2r7aaen.fsf@gnu.org
Hi,

Jack Hill <jackhill@jackhill.us> skribis:

> I'm an avid reader of `guix pull --news`. I like learning about new
> and updated software. However, I noticed that when a package gains a
> new replacement (e.g. for a security fix via grafting), it is not
> mentioned. We do not show all changes to package definitions in the
> news, but since a new replacement is often for a security fix, I think
> it is significant enough to warrant showing in the news. I'm imagining
> something like:
>
> """
> n packages with new replacements: gnutls, …
> """
>
> or perhaps:
>
> """
> n packages with new grafts: libxml, …
> """
>
> I haven't yet thought about the implementation of this. I would want to
> avoid doing too much extra work for `guix pull --news`.
>
> What do you think?

I think it’s a great idea!

It would be even better if the message were higher-level:

  The following security issues were fixed:
  CVE-XYZ (gnutls), CVE-123 (icecat), etc.

The (guix cve) module would come in handy but it would be hard to
implement efficiently, I think.

Ludo’.