GNU bug report logs - #43075
Prioritize providing substitutes for security-critical packages with potentially long build times

Previous Next

Full log

Message #11 received at 43075 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 43075 <at> debbugs.gnu.org, chaosmonk <chaosmonk <at> riseup.net>
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical
 packages with potentially long build times
Date: Thu, 10 Sep 2020 11:19:11 +0200

Hi,

On Thu, 10 Sep 2020 at 10:01, Ludovic Courtès <ludo <at> gnu.org> wrote:
> chaosmonk <chaosmonk <at> riseup.net> skribis:

> > I don't know what Guix's CI system looks like or how packages are
> > queued for building, but if there is a way to prioritize builds for
> > certain packages, I propose that substitutes for packages like
> > ungoogled-chromium should be built as soon as possible once there is a
> > new version.  Other security-critical packages with potentially long
> > build times that come to mind are icecat and linux-libre.

> Right now we’re trying to improve build throughput in general but your
> proposal makes sense, of course.

The recent updates of ungoogled-chromium do not mention [security
updates].  Well, I do not know if they are.  So the question would be:
what triggers the special security build?

Well, the work-in-progress [1] about some metrics of Cuirass (Guix's
CI) would provide interesting answers on the concrete feasibility and
future improvements.

[1] http://issues.guix.gnu.org/32548#1


All the best,
simon

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.