New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libgit2_0_27: mark as insecure #111319
libgit2_0_27: mark as insecure #111319
Conversation
gitin should be updated to 0.2.5 - the latest stable version which supports go modules and does not require obsolete libgit2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
It is used by gitin
and gitaly
. I'm not sure the latest gitaly
13.8.1 works with newer libgit
.
Gitin 0.2.5 requires libgit2 1.0, but we have 1.1. Feel free to package the update yourself or file an upstream bug. |
(cherry picked from commit f69fe44)
This also effects |
On Fri 21 May 2021, Florian Franzen wrote:
This also effects `julia` (which is aliased to `julia-lts` and finally `julia_10`). Maybe it is time to alias `julia` to `julia-stable` instead.
Well, `julia-stable` points to `julia_15` which is broken [1]. So I do not think that addresses the problem. In addition, I do not think pointing the “main” name to a release with very different behaviour is a nice surprise for our end users.
[1]: #121101
There is a patch readily available for the `release-1.0` branch to make Julia compatible with libgit2 v0.28.5 [2]. Applying this to `julia_10` is hardly rocket science and should be within about ten lines of a patch to Nixpkgs once you add pinning libgit2 to v0.28.5.
[2]: JuliaLang/julia#40178
Edit: Spelling
|
Motivation for this change
closes #90855
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)This affects julia_10 (cc @doronbehar @ninjin @rbvermaa) and gitin (cc @kimat)