GNU bug report logs -
#43075
Prioritize providing substitutes for security-critical packages with potentially long build times
Previous Next
Full log
View this message in rfc822 format
ungoogled-chromium receives frequent security updates, so it is
important for users to keep it up-to-date. However, binary substitutes
for the latest version are usually not available, and it can take a
very long time to build from source, possibly multiple days on low-end
hardware. This might tempt or force some users to put off upgrading
the package and run an older, vulnerable version until a binary
substitute is available or they have a chance to set aside the uptime
needed to build from source.
I don't know what Guix's CI system looks like or how packages are
queued for building, but if there is a way to prioritize builds for
certain packages, I propose that substitutes for packages like
ungoogled-chromium should be built as soon as possible once there is a
new version. Other security-critical packages with potentially long
build times that come to mind are icecat and linux-libre.
This bug report was last modified 4 years and 280 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.