GNU bug report logs - #43075
Prioritize providing substitutes for security-critical packages with potentially long build times


Package: guix;

Reported by: chaosmonk <chaosmonk <at> riseup.net>

Date: Thu, 27 Aug 2020 21:10:01 UTC

Severity: normal

From: "Dr. Arne Babenhauserheide" <arne_bab <at> web.de>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: 43075 <at> debbugs.gnu.org, ludo <at> gnu.org, chaosmonk <at> riseup.net
Subject: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 16:33:00 +0200
zimoun <zimon.toutoune <at> gmail.com> writes:

> On Fri, 11 Sep 2020 at 08:56, Ludovic Courtès <ludo <at> gnu.org> wrote:
>> To me the proposal is more about introducing scheduling priorities.  For
>> these packages, it’s indeed safe to assume that every new release brings
>> security fixes.
>
> Why would some packages be prioritized on the build farm over others?
> Based on what? Which criteria?

There are two aspects that make ungoogled-chromium, icecat and
linux-libre special:

- long build time
- security critical

If a user cannot run the newest ungoogled-chromium, icecat, or
linux-libre due to too high build times (so it can for example only be
built on a weekend, but not on a weekday when the computer is only
active for a few hours), then this user is prone to be hit by zero-day
vulnerabilities.

So the minimal criterion would be: Protect users from zero-days.

For ungoogled-chromium, icecat, and linux-libre, two factors match:

- the chance is very high that an update fixes a vulnerability, and
- they take so long to build that many users won’t be able to do it
  right away.

I certainly can’t: I cannot update ungoogled-chromium during work time
because the compile is so heavy on resources that it considerably slows
down my work.

Best wishes,
Arne
-- 
Being apolitical
means being political
without noticing it