lurch: revert patch from #26757 #26843

Merged
merged 1 commit into from Dec 1, 2020

the-maldridge
Member

The patch was erroneously applied after a github user claimed it to be
a security issue, and later it was determined that this user was going
around tricking various projects into applying their patch that had
been explicitly declined by upstream (xsf/xeps#894).

There's probably a dialog to happen here around relative security of
accepting unverified patches in the name of 'security' but this is
neither the time nor the place.

@Vaelatern
Member

We should not maintain patches that change functionality, and that go against expressed upstream wishes. Approved.

We have been known to accept security patches, referencing identical upstream commits or CVEs. We have been known to expedite upgrades when they include security fixes. Even if upstream chooses to be insecure by some measure, I think it is reasonable to let them.

Member

@sgn sgn left a comment

I think our decision is that upstream knows better.

@the-maldridge the-maldridge merged commit e1b032f into void-linux:master Dec 1, 2020
@the-maldridge the-maldridge deleted the revert-26757 branch December 1, 2020 02:20
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 11, 2021