From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: Security updates (was Re: texmaker, Qt and Chromium)
Date: Sun, 9 Oct 2016 16:13:10 -0400
Message-ID: <20161009201310.GA30105@jasmine>
References: <877f9kufxx.fsf@elephly.net>
	<20161008105545.6154ed73@scratchpost.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:38982)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1btKTQ-0004Nf-Fh
	for guix-devel@gnu.org; Sun, 09 Oct 2016 16:13:30 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1btKTM-0002y0-6A
	for guix-devel@gnu.org; Sun, 09 Oct 2016 16:13:27 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:43793)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1btKTK-0002tF-TB
	for guix-devel@gnu.org; Sun, 09 Oct 2016 16:13:24 -0400
Content-Disposition: inline
In-Reply-To: <20161008105545.6154ed73@scratchpost.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Danny Milosavljevic <dannym@scratchpost.org>
Cc: guix-devel <guix-devel@gnu.org>

On Sat, Oct 08, 2016 at 10:55:45AM +0200, Danny Milosavljevic wrote:
> One of the reasons I'm using distributions rather than just
> ./configure ; make ; make install is that distributors stay on top of
> security problems and disable and/or patch packages as problems arise.
> I think many others also mainly use distributions because of that.

I'm going off-topic here, but... Please Help :)

Right now there are only a few of us paying attention to security bug
disclosures and, in my opinion, that's not enough.

If you are interested in keeping Guix secure, try subscribing to the
oss-sec mailing list. If you use Guix on a foreign distro, you can
subscribe to that distro's security announcement list. If you are the de
facto maintainer of some Guix packages, or if you run your business on
some Guix packages, follow the upstream bug reports.

And then, patch bugs in our packages. If you aren't sure how to fix the
bugs, it's still helpful to present them on guix-devel and ask for
advice.

Help Wanted!

[0]
http://seclists.org/oss-sec/

[1] For example:
https://lists.debian.org/debian-security-announce/