On Tue, 16 Mar 2021 at 19:08, Léo Le Bouter <lle-b...@zaclys.net> wrote:
> On Tue, 2021-03-16 at 13:55 -0400, Leo Famulari wrote:
> > I do agree that updating this program 5 versions in a graft was
> > perhaps too much.
> >
> > We should always try to cherry-pick bug-fix patches when grafting.
> >
> > Otherwise the risk of breakage is too high. At least, these types of
> > patches should be reviewed on guix-patches. Léo, can you send them to
> > guix-patches in the future?
> >
> > Sometimes it is okay to update things in a graft, but it depends on
> > the situation.
>
> 1.4.4 and 1.4.9 are ABI compatible? At least that's the reason I
> believed it wasn't risky. I can send them to the mailing list especially
> with such a core package (GNU Guix dependency). But often it stays
> there and no one is looking so. E.g. the unzip vulnerability patches,
> nobody looked until I actually pushed them out of waiting for reviews,
> I tried to hint multiple people on IRC during several days, no answer
> still, so I ended up pushing it, turns out I had several mistakes in it
> and because it was pushed well some people looked at it and helped
> fixing which was welcome.

Well, it seems better to send such changes to guix-patches, waiting 15
days, and then if no comment, push. It is what the manual describes:

        Non-trivial patches should always be posted to
        guix-patc...@gnu.org (trivial patches include fixing typos,
        etc.). […]

        For patches that just add a new package, and a simple one, it’s
        OK to commit, if you’re confident […]. Likewise for package
        upgrades, except upgrades that trigger a lot of rebuilds […].
        […]

        […] If you didn’t receive any reply after two weeks, and if
        you’re confident, it’s OK to commit.

<http://guix.gnu.org/manual/devel/en/guix.html#Commit-Access>

And from my understanding, it is a non-trivial patch which triggers a
lot of rebuilds. Double reasons. ;-)

Cheers,
simon