Hi Raghav,
Raghav Gururajan <r...@raghavgururajan.name> writes:
>> Raghav Gururajan has pushed another misleading "cosmetic changes"
>> commit.
[...]
>> This one is *far* worse than the examples I gave before.
>> This one removes the security fixes for CVE-2018-19876 and
>> cairo-CVE-2020-35492 that I had applied in commit
>> bc16eacc99e801ac30cbe2aa649a2be3ca5c102a.
>
> The commit is not new. I cherry-picked from core-updates
> (993de472ed3dfe90e1c4110b6b910c1f74d243ff), which was pushed as a part
> of #42958.
>
>> Behold, Raghav's "cosmetic changes" to our 'cairo' package:
> The commit is also not new. I cherry-picked from core-updates
> (f94cdc86f644984ca83164d40b17e7eed6e22091), which was pushed as a part
> of #42958.
Those commits on 'core-updates' were digitally signed by Léo Le Bouter
<lle-b...@zaclys.net> and have the same problems: they remove security
fixes, and yet the summary lines indicate that only "cosmetic changes"
were made.
I'm sorry to say that your responses have done nothing to allay my
concerns.
Mark
