GNU bug report logs - #43075
Prioritize providing substitutes for security-critical packages with potentially long build times

Previous Next

Full log

View this message in rfc822 format

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 43075 <at> debbugs.gnu.org, chaosmonk <chaosmonk <at> riseup.net>
Subject: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 09:37:59 +0200

Hi,

On Fri, 11 Sep 2020 at 08:56, Ludovic Courtès <ludo <at> gnu.org> wrote:

> > The recent updates of ungoogled-chromium do not mention [security
> > updates].  Well, I do not know if they are.  So the question would be:
> > what triggers the special security build?
>
> To me the proposal is more about introducing scheduling priorities.  For
> these packages, it’s indeed safe to assume that every new release brings
> security fixes.

Why would some packages be prioritized on the build farm than others?
Based on what?   Which criteria?
Popularity?  But we do not measure (yet?) how many times a substitute
is downloaded.
For example, I do not use ungoogled-chromium so I would prefer that
the resources of the build farm would be spent on these X packages.
Bob and Alice, they would prefer these Y packages.  How do we reach a
consensus?
And security is one criteria.  But how to detect it is a security fix?

(Aside the issue of ungoogled-chromium about the time limit you
described; which should be fixed, obviously. :-))


I understand the annoyance and the frustration of the substitutes
availability but I am not convinced that some packages have higher
priority on the substitute delivery than others.

All the best,
simon

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.