From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:8:6d80::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id SKywI9i7Y2A4TQEAgWs5BA (envelope-from ) for ; Wed, 31 Mar 2021 02:01:28 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id CDyjHdi7Y2D4ZgAAbx9fmQ (envelope-from ) for ; Wed, 31 Mar 2021 00:01:28 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 171EC16394 for ; Wed, 31 Mar 2021 02:01:28 +0200 (CEST) Received: from localhost ([::1]:48678 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lROIZ-0002rs-9t for larch@yhetil.org; Tue, 30 Mar 2021 20:01:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58236) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lROIN-0002rm-7n for guix-devel@gnu.org; Tue, 30 Mar 2021 20:01:15 -0400 Received: from mail.zaclys.net ([178.33.93.72]:51151) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lROIJ-0001jk-UF for guix-devel@gnu.org; Tue, 30 Mar 2021 20:01:14 -0400 Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12V019gR006553 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 31 Mar 2021 02:01:09 +0200 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12V019gR006553 Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1617148869; bh=z01uWbFdq6LM/eBlliEvN7P8AOcb3eGqRTukf2qMbu0=; h=Subject:From:To:Date:In-Reply-To:References:From; b=BYWT1wT9l/Vex1eQeNAozjbEmxsYqPFJZBVKZA04Bfxt2A4w1nsyqAGWEHol7PdsE gkIn0BwJDpO8shS+v2SNqtbIrXjwn3IN5ujHJXaGmSfjPoEdDdX4jg39Ye859Xwy2j VYnLBJBrfpx5/1yZ4JM1slr/v1hu2hIigDh3GEcw= Message-ID: <33f1494fd4ad899a4a9851c002a534f1c69861b7.camel@zaclys.net> Subject: Re: Security patching and the branching workflow: a new security-updates branch From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: zimoun , guix-devel@gnu.org Date: Wed, 31 Mar 2021 02:01:04 +0200 In-Reply-To: <864kgshnfp.fsf@gmail.com> References: <864kgshnfp.fsf@gmail.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-t3iJFkwV1kHvnhnnxJoc" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Received-SPF: pass client-ip=178.33.93.72; envelope-from=lle-bout@zaclys.net; helo=mail.zaclys.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1617148888; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=z01uWbFdq6LM/eBlliEvN7P8AOcb3eGqRTukf2qMbu0=; b=q04q2FhVGwYEAb/6cre8kwKkyjXJDT6vD0gg9LuMcH67hILJG4NE40EPDuDIKGZik/1pDl sxeIPblve1Z+LMewRzMLK1XDABT57wWbaPZN8ir4ee6ju8Iejw8YHzdiFlzc2x8d264ves wdKv07nCZn/d1J0GRHOvjNLzHvzfvbUyxpDvnFAbpXUT3AFUK+/u608JPbH+aviCO4t0+J BUQJ1ZYDTRY453PCLdA4G+zc+gDwUKyFhw4yabbI2OOK/pvc0oZ6zxdHy/HmTF2bJxZuIS gvv+hQ/jskmknmu//i8TR/wkZ6FXVXtfkxDvUtVClftoY0noUJj2vK4jTvJJRg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1617148888; a=rsa-sha256; cv=none; b=FCCfnaV05YRj0WY5r2gu7ugLBv6izkZfcXU+v+Rk6cfhEtISxL4QEXwm4ejWeJYQ01KQjl Er/Rz4kahDT0hNldXsxAxet1ACGhSBx5LYRq7bbZRBYAslwW78BH/GnLQSVkegHSgoaaHB XTu3gkLsIr+EaoTP27rYcjuGVrgGt2a1QnwbGOmCOUILJrWuwUu9ve/LpgPRLeXvVyg71l 2tC/lrUijNQ3kFKffUOLtH2LdDuq2BHkPWktq+Ps2ZyqgitNYf1Pov0ffF1EWUtNeOQj3f I6LV0dBW72yqV6FLzOQt5kkkZywPphc7cYttM9fxUfjVsEmKtQY87XZKaz5h1Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=zaclys.net header.s=default header.b=BYWT1wT9; dmarc=pass (policy=reject) header.from=zaclys.net; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -5.22 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=zaclys.net header.s=default header.b=BYWT1wT9; dmarc=pass (policy=reject) header.from=zaclys.net; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 171EC16394 X-Spam-Score: -5.22 X-Migadu-Scanner: scn0.migadu.com X-TUID: FsAbfnCEW9pM --=-t3iJFkwV1kHvnhnnxJoc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2021-03-30 at 13:48 +0200, zimoun wrote: > Ahah, I am happy to know it. I hope it is because a > =E2=80=9Cmiscommunication=C2=BB > and not because you do not carefully read or because maybe you only > see > through the tiny lens of known security vulnerabilities. From my > opinion, your point of view to tackle the issue is wrong. That=E2=80=99s > said. I feel harassed by your comments because you obsessed on this zstd issue and try to make it the cause of some other problems you saw without any evidence. I don't think I look through the "tiny lens of known security vulnerabilities", every distro has prioritization for security updates, I think it is the right thing to do, that's how I work with it and I think it is right. If you don't agree then OK but I wont stop thinking it's the right way to do things and that not prioritizing security issues does not work. >=20 > Best regards, > simon L=C3=A9o --=-t3iJFkwV1kHvnhnnxJoc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBju8AACgkQRaix6GvN EKZjyw/+NE49oUDAyHHCSlDM42AgyTuv0LouUSn5jlCVT5h62oRg800U+4LrNZ9k YtJrzG6Kj89ANtv4jf1Y55bPYaiFzgX31vrz9JKON/+ahyYa2yCjPY1cdtST40l5 8JJMRpGe43Guc3nofS6r4PHAoX8I0JsBBLXIRjfg/iKKZIAhsaorZyb7ZtYNvshq rK4AALCdxbAhrqyeffIXmWPVEiTtndMJvhBlrVRUFK2P0vjh8bRU1JauqJAiIixv 57h3KW7cfK6tEvZlq1eojmBf+4saw1NcPENV3Iyp3SXttfRya+Ln1UfA3Ykxev43 yle3i7l86gvTnKuTi5a72S+tVZpwkSj0d4USmjNDP3Zjf9t5de8EKkxlkfIfKFqr KTKK1Behe2/TvZZjQ5XZnP47M8eB2dhiWJ0NEJDoaZP6f2Uhz1nMSfdiphq328ho JIXEqRFld5l1xaJD00QegllhgSlMirkQgysn3vfdFqq5CGHFZj6jSr3bQZZuUmtL z/LF6qRYL84B9znF115hKjHN0TRyDY0bZ82Y/rUrWz+juaXnja9r/77yVydAF78v 3YWnwvVAqr3aZ0wC8hBPZwQwKfSZKHx+W4gtlVjd6ZTZDOCINJgcn5ReQ5/pYjuS eWH5OIMV6vWauyrew2za/pMkRXn0k0K7ciI72idREvzKqWIQX7s= =AHmA -----END PGP SIGNATURE----- --=-t3iJFkwV1kHvnhnnxJoc--