GNU bug report logs - #43075
Prioritize providing substitutes for security-critical packages with potentially long build times

Previous Next

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: 43075 <at> debbugs.gnu.org, chaosmonk <chaosmonk <at> riseup.net>
Subject: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 08:56:20 +0200

Hi,

zimoun <zimon.toutoune <at> gmail.com> skribis:

> On Thu, 10 Sep 2020 at 10:01, Ludovic Courtès <ludo <at> gnu.org> wrote:
>> chaosmonk <chaosmonk <at> riseup.net> skribis:
>
>> > I don't know what Guix's CI system looks like or how packages are
>> > queued for building, but if there is a way to prioritize builds for
>> > certain packages, I propose that substitutes for packages like
>> > ungoogled-chromium should be built as soon as possible once there is a
>> > new version.  Other security-critical packages with potentially long
>> > build times that come to mind are icecat and linux-libre.
>
>> Right now we’re trying to improve build throughput in general but your
>> proposal makes sense, of course.
>
> The recent updates of ungoogled-chromium do not mention [security
> updates].  Well, I do not know if they are.  So the question would be:
> what triggers the special security build?

To me the proposal is more about introducing scheduling priorities.  For
these packages, it’s indeed safe to assume that every new release brings
security fixes.

Thanks,
Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.