From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp2 ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id SL5OHnIoUWDeVgAA0tVLHw
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 16 Mar 2021 21:51:46 +0000
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2 with LMTPS
	id wFsLGnIoUWAaJgAAB5/wlQ
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 16 Mar 2021 21:51:46 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 14D1014399
	for <larch@yhetil.org>; Tue, 16 Mar 2021 22:51:46 +0100 (CET)
Received: from localhost ([::1]:43222 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1lMHbN-0002LR-8n
	for larch@yhetil.org; Tue, 16 Mar 2021 17:51:45 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:60010)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bokr@oz.net>) id 1lMHWK-0005Uo-DF
 for guix-devel@gnu.org; Tue, 16 Mar 2021 17:46:32 -0400
Received: from imta-35.everyone.net ([216.200.145.35]:38280
 helo=imta-38.everyone.net)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bokr@oz.net>) id 1lMHWG-0008Vs-Oa
 for guix-devel@gnu.org; Tue, 16 Mar 2021 17:46:32 -0400
Received: from pps.filterd (omta001.sj2.proofpoint.com [127.0.0.1])
 by imta-38.everyone.net (8.16.0.43/8.16.0.43) with SMTP id 12GLSDwB013465;
 Tue, 16 Mar 2021 14:46:21 -0700
X-Eon-Originating-Account: 5iyqHmGoZuukkeJKanFQM90k052bV_DDBamrTjPA9UE
X-Eon-Dm: m0116293.ppops.net
Received: by m0116293.mta.everyone.net (EON-AUTHRELAY2 - 5a81cfb8)
 id m0116293.603eb1d3.eb4b4; Tue, 16 Mar 2021 14:46:20 -0700
X-Eon-Sig: AQMHrIJgUScsZlDxPAIAAAAD,9eb3c2ef541090d764730f8d1fd74899
X-Eip: QGUzZLukuCvS-vX-tO9sJUfbQA7c9nAU_AKYS6ylPBg
Date: Tue, 16 Mar 2021 22:46:11 +0100
From: Bengt Richter <bokr@bokr.com>
To: Leo Famulari <leo@famulari.name>
Subject: Security-czar needed? WAS: Re: Release 1.2.1: zstd 1.4.4 -> 1.4.9:
 grafting or core-updates?
Message-ID: <20210316214611.GA17584@LionPure>
References: <91998d12df3c4a279f46cf50b15d47c99e064a46.camel@zaclys.net>
 <CAJ3okZ3+Zc1_g_5WFPCFNYUt4mD5ZVUky+epcPDkMcjrG0NK_w@mail.gmail.com>
 <YFDxLvQcaiJadhJJ@jasmine.lan>
 <CAJ3okZ3VWMGnR3r+A1CpdX9JdgTOUdcyi+XZ781DJZLRgdpA9A@mail.gmail.com>
 <YFEEg1JkPT48BK0n@jasmine.lan>
 <CAJ3okZ0-jkq9DAC6=At+Eky4_KZ6bOA6YUBuigpJaoLyP8UC7g@mail.gmail.com>
 <YFEHJ6HMe2W4Zwda@jasmine.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <YFEHJ6HMe2W4Zwda@jasmine.lan>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761
 definitions=2021-03-16_08:2021-03-16,
 2021-03-16 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=937
 mlxscore=0
 lowpriorityscore=0 priorityscore=1501 suspectscore=0 malwarescore=0
 spamscore=0 clxscore=1034 bulkscore=0 adultscore=0 phishscore=0
 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2009150000 definitions=main-2103160137
Received-SPF: pass client-ip=216.200.145.35; envelope-from=bokr@oz.net;
 helo=imta-38.everyone.net
X-Spam_score_int: -15
X-Spam_score: -1.6
X-Spam_bar: -
X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9,
 HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_MSPIKE_H3=0.001,
 RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Reply-To: Bengt Richter <bokr@bokr.com>
Cc: Guix Devel <guix-devel@gnu.org>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1615931506;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post; bh=944rkPebRL960xvqp9d6zZTingbrwklww1sR2cXL5Gw=;
	b=p73i/YaGQsIvT2JrqGE2Xc5Pv6C5iuSObcar4h6c/zOl2qdRaM7rI+SWdyWeRLX6V8Kyyw
	rNaEeBvd4Jf8XIKdfgwNZUWYyeKBlrET4XvU0GsGASa0kY/EBY4wUvx4LGULtdERpSb3XN
	EQFJU33++bkd5Jh8lOLMMVVQum1f93Mx1uxWMmBH60Ms8JSrX0OKz3+QkOkdSrfbZKoNR/
	VyMYw717X+OAgEEVAuFyAE3WAGGptZvxgJaB8oyP1Qc00t89bG5XLeRJQN6HHkE7S2sqHj
	Od4KHNkp4J99RotRZzD9mYEbcWUHX8v/sou+4K+p3HR+I3uigFBHbA51DNmaWQ==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1615931506; a=rsa-sha256; cv=none;
	b=aIbsdvdUjBlSUlKrrlgTxDZB3+HzMRm8Xa/JfaGOtnncXBzmV4kaauOnNbjqV0mWK7j/x5
	XauhyRkLH5/JcSWf7IcKgFIV2nmHh0v+D0l2JJpMbGsZwBM4a5l0SGm0QxjuJuPm+srX6R
	fFS4kTSx1i/j9gtt1+RhTCDbEyFXBDOf0qxUHvL0WFogtNZase06PbToHg4OrIYsOPlnCQ
	lF1SdotXpBh3OW3OfrlwJ2J0y9JrnZoqOBnm4/mcT0ucDzZKMjTQtFzt90c/5c5EaTHqNm
	k9NODKM6MjVlouxo2f++evBUV/1YBDagrTq+Q+hDfHGG25kplTeM2Fj9pw9rYQ==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Spam-Score: -0.90
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Queue-Id: 14D1014399
X-Spam-Score: -0.90
X-Migadu-Scanner: scn0.migadu.com
X-TUID: TZY6/TJDkzWh

Hi all,

On +2021-03-16 15:29:43 -0400, Leo Famulari wrote:
> On Tue, Mar 16, 2021 at 08:25:50PM +0100, zimoun wrote:
> > Hi,
> > 
> > On Tue, 16 Mar 2021 at 20:18, Leo Famulari <leo@famulari.name> wrote:
> > > On Tue, Mar 16, 2021 at 07:19:53PM +0100, zimoun wrote:
> > > > I guess that it will not build for i686.  Does it?
> > >
> > > I don't know. Either we will find out when building on CI, or people can
> > > test it manually now.
> > 
> > Please try out the patch from:
> > 
> > <https://lists.gnu.org/archive/html/guix-devel/2021-03/msg00295.html>
> > 
> > and if it works for you, please apply it.
> 
> No, sorry :) Someone else (maybe an i686 user?) will have to find the
> time to test it.
> 

I would feel better about running guix on my laptop if I
knew all you developers had gotten together and elected
a "security czar" who is the most competent of you to monitor
security and also cares the most, and had the power to prevent
applying unreviewed patches, and making sure all CVEs are taken
care of, and kitchen doors not left open the way we did in the '50s.

Sorry if it sounds like I think guix security is lax.
Please convince me it's not so ;)

Thanks, nevertheless, for all the great technical work!

Just wish I could type
    guix --what-and-who-am-I-trusting-q --full-report
and get a complete list, with batting averages of the
developers (regressions vs fixes), packages (estimated
number of times executed without problem, dangerous bugs
in development history, etc).

</rant>

-- 
Regards,
Bengt Richter