unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
@ 2020-08-27 20:50 chaosmonk
  2020-09-10  8:00 ` Ludovic Courtès
  0 siblings, 1 reply; 13+ messages in thread
From: chaosmonk @ 2020-08-27 20:50 UTC (permalink / raw)
  To: 43075

ungoogled-chromium receives frequent security updates, so it is 
important for users to keep it up-to-date.  However, binary substitutes 
for the latest version are usually not available, and it can take a  
very long time to build from source, possibly multiple days on low-end 
hardware.  This might tempt or force some users to put off upgrading 
the package and run an older, vulnerable version until a binary 
substitute is available or they have a chance to set aside the uptime 
needed to build from source.

I don't know what Guix's CI system looks like or how packages are 
queued for building, but if there is a way to prioritize builds for 
certain packages, I propose that substitutes for packages like 
ungoogled-chromium should be built as soon as possible once there is a 
new version.  Other security-critical packages with potentially long 
build times that come to mind are icecat and linux-libre.






^ permalink raw reply	[flat|nested] 13+ messages in thread

end of thread, other threads:[~2020-09-11 14:46 UTC | newest]

Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-08-27 20:50 bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times chaosmonk
2020-09-10  8:00 ` Ludovic Courtès
2020-09-10  9:19   ` zimoun
2020-09-11  0:47     ` Bengt Richter
2020-09-11  1:06     ` Mason Hock
2020-09-11  6:56     ` Ludovic Courtès
2020-09-11  7:37       ` zimoun
2020-09-11  8:23         ` Ricardo Wurmus
2020-09-11 13:39         ` Leo Famulari
2020-09-11 14:33         ` Dr. Arne Babenhauserheide
2020-09-11 14:45         ` Ludovic Courtès
2020-09-11  1:14   ` Mason Hock
2020-09-11  6:53     ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).