From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id qFs0Np4pW1+pNQAA0tVLHw (envelope-from ) for ; Fri, 11 Sep 2020 07:39:10 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id 4OmgMJ4pW1/KaQAAbx9fmQ (envelope-from ) for ; Fri, 11 Sep 2020 07:39:10 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 537EC94050F for ; Fri, 11 Sep 2020 07:39:10 +0000 (UTC) Received: from localhost ([::1]:59110 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kGdeG-0005dO-QV for larch@yhetil.org; Fri, 11 Sep 2020 03:39:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:49976) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kGdeA-0005d4-4O for bug-guix@gnu.org; Fri, 11 Sep 2020 03:39:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:58906) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kGde9-00031t-Qn for bug-guix@gnu.org; Fri, 11 Sep 2020 03:39:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kGde9-0000qE-Nj for bug-guix@gnu.org; Fri, 11 Sep 2020 03:39:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times Resent-From: zimoun Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 11 Sep 2020 07:39:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43075 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Received: via spool by 43075-submit@debbugs.gnu.org id=B43075.15998098983178 (code B ref 43075); Fri, 11 Sep 2020 07:39:01 +0000 Received: (at 43075) by debbugs.gnu.org; 11 Sep 2020 07:38:18 +0000 Received: from localhost ([127.0.0.1]:42219 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kGddR-0000pB-NZ for submit@debbugs.gnu.org; Fri, 11 Sep 2020 03:38:17 -0400 Received: from mail-qt1-f170.google.com ([209.85.160.170]:34154) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kGddQ-0000oy-HH for 43075@debbugs.gnu.org; Fri, 11 Sep 2020 03:38:16 -0400 Received: by mail-qt1-f170.google.com with SMTP id 19so7159863qtp.1 for <43075@debbugs.gnu.org>; Fri, 11 Sep 2020 00:38:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=H2WoYjA2p6g6qEC53evIiOfBVijflncR4cQDv1MlGwc=; b=cpRmGpqI6FBldagwahEfkt6V9/uigrJ9l1HlQzhSDF0iKpnF9yP4EpoCV45I5YFd+d u3kz+Kjl1glMpnSnseYrRPRcxmLFPHTg+vlI5B0NwIQkIMjskSsQU3UCUVuTSlyD+QXR xk+m60cFQvIHNGCgJyYihxPNX/jwafJTIvX/iZRAdok87cEDVwziUWNihwg1yJX+KfjA 9fB7ARCRPgVMyZVArqqtgZtnvWb3BZ0aNVglTnP6fmougi0Z2gab1lFItIfp5gMtAWMP t7e5Iby52EgbAZO2xenmap8VCssjW2mnoDrhXQX0zagrS+TMtEn0SBd5FOnCuTRRoBfM RS5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=H2WoYjA2p6g6qEC53evIiOfBVijflncR4cQDv1MlGwc=; b=G3T8W6BOxBPO1EvFRpPCzonEoyO00K2dbNvPA8kxRbC7Mih1vtJj3ln9QI166vXy76 pTnep/mMZKjIqEpusK8Oh4J/AP13k2eN4QdvGxFNJcveN2Opdu3otWZwnVEu+8nw2HjQ dKHYKpJwH767huGdHZfllCKBJ0+m7fmk/h+FO88M2SH0BirWiBDAWDSOIy+adpf+uhob zJO1MSWjivZL9ncrA3jEf9s1fJ6AOLuCHh23+dsa0mEUP6jg3srF+RwZFe/S+MfdbYSV AWBuxIdZ8POsDtL0DNaJtkDTax1bWj/DTVIO/di5eSMOqDcBAWpuFJmbaNiMcPA4HLlB 3D2w== X-Gm-Message-State: AOAM530NF5YovJItLKj7Hq54apcNfE5cQsd/iertaR5vSOB/MkI6cMGY j02CwLe+ZQr2CPWa4a3QBDssVb2dtWvRXp3KRio= X-Google-Smtp-Source: ABdhPJzk87+UmNOQbzO02rcp0HKoatn0TfTBExGXIV968UNW2v3SDglt2qKvzVtoQi4zfEMSxTdI4WzQ+Pwt3k8xlas= X-Received: by 2002:aed:2fc5:: with SMTP id m63mr662120qtd.313.1599809890760; Fri, 11 Sep 2020 00:38:10 -0700 (PDT) MIME-Version: 1.0 References: <2WPQFQ.3JQYOGZG7WXZ@riseup.net> <87bliejc3j.fsf@gnu.org> <878sdg7qej.fsf@gnu.org> In-Reply-To: <878sdg7qej.fsf@gnu.org> From: zimoun Date: Fri, 11 Sep 2020 09:37:59 +0200 Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -1.0 (-) X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 43075@debbugs.gnu.org, chaosmonk Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=gmail.com header.s=20161025 header.b=cpRmGpqI; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Spam-Score: 0.09 X-TUID: Tup1O5FQj1qC Hi, On Fri, 11 Sep 2020 at 08:56, Ludovic Court=C3=A8s wrote: > > The recent updates of ungoogled-chromium do not mention [security > > updates]. Well, I do not know if they are. So the question would be: > > what triggers the special security build? > > To me the proposal is more about introducing scheduling priorities. For > these packages, it=E2=80=99s indeed safe to assume that every new release= brings > security fixes. Why would some packages be prioritized on the build farm than others? Based on what? Which criteria? Popularity? But we do not measure (yet?) how many times a substitute is downloaded. For example, I do not use ungoogled-chromium so I would prefer that the resources of the build farm would be spent on these X packages. Bob and Alice, they would prefer these Y packages. How do we reach a consensus? And security is one criteria. But how to detect it is a security fix? (Aside the issue of ungoogled-chromium about the time limit you described; which should be fixed, obviously. :-)) I understand the annoyance and the frustration of the substitutes availability but I am not convinced that some packages have higher priority on the substitute delivery than others. All the best, simon