Thanks Jeremy for the bug report. I concur with removing guix from our next release.
I'm disinclined to remove guix from our previous releases: - The -release lists are basically immutable. Mutating one would be a huge surprise. - Simply removing the package doesn't uninstall it from our user systems -- they are still vulnerable, with then no mechanism for us to deliver a fix to them, should someone contribute one. - Pushing an update that bluntly removes some subset of functionality might be enough for us to mitigate the issue, potentially at large risk of regression for those affected. - We've almost never done this, so it would be a very large surprise to our users for us to do it now. https://bugs.launchpad.net/ubuntu/+source/bitcoin/+bug/1314616 is a case I can recall us pushing an SRU to replace a wrapper script with a non-functional script, but that was motivated in part by the program not actually working at all due to changes in the ecosystem. How about something similar? We could rename the daemon, push a script in its place that logs messages and fails, and if a user *really* wants to run the unsafe thing, they could figure out how to put it back in place. Thoughts? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2121556 Title: Remove guix from Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/guix/+bug/2121556/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
