GNU bug report logs - #43160
linux-libre: compare guix-generated sources against upstream releases

Previous Next

Package: guix-patches;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Tue, 1 Sep 2020 20:41:02 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #41 received at 43160 <at> debbugs.gnu.org (full text, mbox):

From: Mark H Weaver <mhw <at> netris.org>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 43160 <at> debbugs.gnu.org, Leo Famulari <leo <at> famulari.name>
Subject: Re: Validate the result of our linux-libre sources clean up
Date: Fri, 04 Sep 2020 11:21:47 -0400

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> I'd like to point you to the following patches, as they touch the
> generation of the linux-libre sources, in case they hadn't caught your
> attention: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43160.

Thanks very much for bringing this to my attention.  I do not subscribe
to the guix-patches list, so I would not have seen this otherwise.

I'm in favor of the following patches:

  gnu: linux-libre: Use Python 3 in make-linux-libre-source.
  gnu: make-linux-libre-source: Set output port buffering to line mode.
  gnu: linux-libre: Validate that the cleaned up tarball is free of blobs.

Thanks for these.  Please push them whenever you feel is appropriate.

On other other hand, I'm strongly opposed to the following patch:

  gnu: linux-libre: Compare generated sources against Linux-libre releases.

I'm opposed to it because it would make it prohibitively difficult to
push micro kernel updates (most of which contain potential security
fixes) before Linux-libre has published their tarball release.  It would
also make it prohibitively difficult to perform deblobbed bisections
between two adjacent versions from the upstream stable git repository.

In my opinion, at minimum, the 'linux-libre-upstream-source' argument to
'make-linux-libre-source' should optional.

I find it depressing that Jason's and Alexandre's attempts to browbeat
us to limit ourselves to deblob only the precise tarballs that they
produce, and to always wait for them to produce them before pushing
security fixes (although it takes less than 10 minutes to look over the
upstream commits for new blobs) have gained traction here.

      Thanks,
        Mark
This bug report was last modified 2 years and 27 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.