From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id eOElNf4mX2DQOwAAgWs5BA (envelope-from ) for ; Sat, 27 Mar 2021 13:37:18 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id 0M4nL/4mX2D2DgAA1q6Kng (envelope-from ) for ; Sat, 27 Mar 2021 12:37:18 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1A9041B793 for ; Sat, 27 Mar 2021 13:37:18 +0100 (CET) Received: from localhost ([::1]:54168 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lQ8Bp-0003iC-9W for larch@yhetil.org; Sat, 27 Mar 2021 08:37:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44204) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lQ8BY-0003hz-JO for guix-devel@gnu.org; Sat, 27 Mar 2021 08:37:00 -0400 Received: from mail-wr1-x435.google.com ([2a00:1450:4864:20::435]:40791) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lQ8BW-00078F-Ik for guix-devel@gnu.org; Sat, 27 Mar 2021 08:37:00 -0400 Received: by mail-wr1-x435.google.com with SMTP id v11so8185836wro.7 for ; Sat, 27 Mar 2021 05:36:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:in-reply-to:references:date:message-id:mime-version; bh=oMj0ngzp1+z3jKnkdD20q+nfSnD+xdFshxceJB/420I=; b=gfiLjyYd1KSKYHkWd+p0+DBVYBMo29E9hP8+dSBi+jwkb+Vo5Ggj9B7Z3spn0sz2i3 HQ1sen1NB0PTQk5Z1qdYWAZgRhxAn2dmeef3oivHIFeyVp1K0oOq3aseGdWdY+AuANpX iPN/35qofjoceRUFBzxFfczA53/kHUJP0YGflilLK+WFQuPqysS/qyMAHv3vaIyB8mKG qjNLS2ovUgTMJFnXQIa2VNKNhBL83rEt7iWCTwuE35KFCyWuk1kczpwq6uZhq+ehZjQM n9rvK8Q+MppMndIfTHlgTaYg3hocmHJpguUyLTKlnSAuySXAMbj5q6ydEya2+CUJxCrb EWxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:in-reply-to:references:date :message-id:mime-version; bh=oMj0ngzp1+z3jKnkdD20q+nfSnD+xdFshxceJB/420I=; b=XvxLAIRj91t8243pcQ4dyda2BvjKO9ZzYEUVWBrntKc/HaNAhlMXFDEgftb71qg2Ct QY/yjUYevxqCjHp2exZwB3/K/1+mJeQmGvBYl89C2PAOzgTE8O2C+iQ2agn8wSAnrEgQ cxpQx4DjFuwXpWmQ/xg/GFO3tOevEsALcLHX208P1U+30kZUGv5wZ0TK3YpvaaIWnW+W fHjZ5FTDmO3lAhlmICOc6rRK50T5GvV+eohaoAQXpyBVJ7SLfYffY9qLRUYLsOKwNqxX yFUnzu6XWMdgRbHLJUOCEWsKYqfJWlkPz2Y4gmZ2Z6fQ5JKR0YCr35riRbQFAr/rz2Gx d2Qw== X-Gm-Message-State: AOAM5315mJSbRqknuhR3ogN/oHaowvZEd1AuYP5T4lK4nYQB1+DLz+rD 3fc7FsDzYvxZFfV994IHsn0gOjFxi4k= X-Google-Smtp-Source: ABdhPJwGlC2mJBrdkX9J9p1QIlf50ZruNvHsuXXwVtPBaurIH1/CqqBtDJI6noxCPNkHC3PA2msg+w== X-Received: by 2002:a5d:6852:: with SMTP id o18mr19316586wrw.173.1616848616370; Sat, 27 Mar 2021 05:36:56 -0700 (PDT) Received: from lili ([88.126.110.68]) by smtp.gmail.com with ESMTPSA id j30sm20017520wrj.62.2021.03.27.05.36.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 27 Mar 2021 05:36:55 -0700 (PDT) From: zimoun To: =?utf-8?Q?L=C3=A9o?= Le Bouter , guix-devel@gnu.org Subject: Re: Security patching and the branching workflow: a new security-updates branch In-Reply-To: <12b4006a4a28c9678c523ab129945850b4adf37f.camel@zaclys.net> References: <12b4006a4a28c9678c523ab129945850b4adf37f.camel@zaclys.net> Date: Sat, 27 Mar 2021 13:29:14 +0100 Message-ID: <86o8f493vp.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Received-SPF: pass client-ip=2a00:1450:4864:20::435; envelope-from=zimon.toutoune@gmail.com; helo=mail-wr1-x435.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FREEMAIL_DOC_PDF=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1616848638; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=oMj0ngzp1+z3jKnkdD20q+nfSnD+xdFshxceJB/420I=; b=ji0A7leC0Lrz4pqaVbRq8KH/qUB11qXDUzB3pB31SM3JXpEpIcx6Xw1P/gLta6yyYhkYEq ygqm93M9zq1Pyqljtp1j3KuA5InMoCmqZ8pgs0UKv4hTiBcNzBMQ9NytkloECZUH2d2CkL OBK7N+p29w7ai5AfHHt1ZQvtvpxMBavxqKd2alqGCTfaAhB0FSTM7Pn44Q0vrVfn72bxCY gXdPXEq/xjJpdOYm4r/KhNvLpKhQwbMzTQy5sI4Wk4Fybq5KqpYCazkyxaR5xL88PRIX83 TRurqEkX2niXdcHKzbbDXDqafbCotGtc0ZeHL3GeLm4q5Ip78OlPPGnpFGX4Ig== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616848638; a=rsa-sha256; cv=none; b=Y/QEPRp0Rfj1nwjrGjRFkduJ6LViaiqkgHl1Q9cRnbXJ9jEz3O3j3YCHYAPEhU76CyOSxV YTPlk2hCaT3u8EFHj1jGv6Im+Zmapbj8pdmx6XsCMYg5QFUrGYT5Cf6m8BwZT9fOI8Rd5j tntgFH0TMVWbZ0T+SNCYLBBFlhIauyB6v10yZ4MLryw9CZipcZxw0iqGEUKY0HVqsIIh5l yU9EdIbZUuqOZCPoaJ3o9iEp9w016LpKEAAHsFjagEXg5jrvvRRxFJ8n7bngmFN2bEeq/a NI58kQpLEySHqdG0I2NytarUToZQTLZ3FuK8Mzpd5ehlhLQLkG9iK6efQ6kwbw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20161025 header.b=gfiLjyYd; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -1.62 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20161025 header.b=gfiLjyYd; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 1A9041B793 X-Spam-Score: -1.62 X-Migadu-Scanner: scn0.migadu.com X-TUID: EWz6pVK8CfQr --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi L=C3=A9o, On Fri, 26 Mar 2021 at 21:10, L=C3=A9o Le Bouter wrot= e: > For these reasons, I would like to propose a new branch called > security-updates that would be based on master where we queue security > fixes that introduce any arbitrary number of rebuilds without using > grafts. > > We would merge the security-updates branch as soon as there is complete > substitute availability for the branch and it's future merged version > within master. Basically, what you are proposing is more or less staging. The issue is that the cycles are sometimes longer than expected. The cycle is defined as 6 weeks for staging. Is it really 6 weeks? Well, It could be shorter if there is more man power *and* if the build farm is working better. About the man power, it is already a good job. Let plot roughly the number of days between 2 merges between staging and master. --8<---------------cut here---------------start------------->8--- $ git log --format=3D"%cd|%s" --date=3Dformat:"%Y-%m-%d" --after=3D2019-01-= 01 \ | grep Merge | grep staging | grep master \ | cut -d'|' -f1 \ > /tmp/staging.txt=20 --8<---------------cut here---------------end--------------->8--- then this tiny R script: --8<---------------cut here---------------start------------->8--- $ cat /tmp/dates.R library("ggplot2") raw <- read.table("/tmp/staging.txt") dat <- raw$V1 dates <- data.frame(start=3Dstrptime(dat[1:length(dat)-1], format=3D"%Y-%m-= %d"), end=3Dstrptime(dat[2:length(dat)], format=3D"%Y-%m-%d")) dates$diff <- difftime(dates$start, dates$end, units=3D"days") p <- ggplot(dates, aes(x=3Dstart, y=3Ddiff)) + geom_point(color=3D'red') + = geom_smooth() ggsave("/tmp/number-of-days-staging-merges.pdf") --8<---------------cut here---------------end--------------->8--- shows the attached graph. Well, it is variable and the variance and standard deviation should be considered. The mean is less then 8 days. Obviously, I can have done a mistake and this should be taken with grain of salt. My point is: we should root the practise on what we are already doing and see what are the incremental changes to improve. For example, staging is not merged since a couple of months. Why? Because none of us is taking the time to make it. Hard to be close to the oven and in the same to the mill. :-) About the build farm, it is doing better and better. Mathieu introduced some plots [1] and again I think we should explore a bit the data to see what is the average time to build staging, how many packages are built on average, etc. Moreover, priorities have recently been introduced. I do know if we have enough time elapse to see their impacts. They are per branch, IIRC, and maybe we could imagine a priority =E2=80=99properties=E2=80=99 ap= plied for a package because it is a security update. IIUC, it is not implemented yet. And as I said elsewhere, =E2=80=9Cto me, security is important. But i= t's no less important than everything *else* that is also important!=E2=80=9C, = so personally I am not convinced that security updates deserve a special treatment compared to a regular update. That=E2=80=99s my opinion. :-) That=E2=80=99s said, from my point of view, staging or security-updates are= only names but somehow they cover the same idea: update a package with many dependants and provide the substitutes as soon as it is available. The key for a better scaling is, IMHO, to tweak what is going to master, staging and core-updates; as I wrote in [2]. But the real hard part is to collectively make this tough work of merging branches on the long run. Cheers, simon 1: 2: --=-=-= Content-Type: application/pdf Content-Disposition: attachment; filename=number-of-days-staging-merges.pdf Content-Transfer-Encoding: base64 Content-Description: graph.pdf JVBERi0xLjQKJYHigeOBz4HTXHIKMSAwIG9iago8PAovQ3JlYXRpb25EYXRlIChEOjIwMjEwMzI3 MDI1MDQ0KQovTW9kRGF0ZSAoRDoyMDIxMDMyNzAyNTA0NCkKL1RpdGxlIChSIEdyYXBoaWNzIE91 dHB1dCkKL1Byb2R1Y2VyIChSIDQuMC40KQovQ3JlYXRvciAoUikKPj4KZW5kb2JqCjIgMCBvYmoK PDwgL1R5cGUgL0NhdGFsb2cgL1BhZ2VzIDMgMCBSID4+CmVuZG9iago3IDAgb2JqCjw8IC9UeXBl IC9QYWdlIC9QYXJlbnQgMyAwIFIgL0NvbnRlbnRzIDggMCBSIC9SZXNvdXJjZXMgNCAwIFIgPj4K ZW5kb2JqCjggMCBvYmoKPDwKL0xlbmd0aCA3MjM2IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0 cmVhbQp4nN1cSY8Gx229z6+Yo33w51p6vcpIDBhIgEQCcjB8MMZREkNjIJaB/P2Q7z2y2JIXKfAp h1lINslX1VUs1tLV33/13t9///7fb//yA39+/u2//vKL949v3/qrtfZef3/78QeJf/HlnxF/+Yt/ du75/j9vv/7Ne3v/3Vt//5X9/P6tN3vg/Z/e8Ae/9raVP3/89/cvAsD7nK/tep/9dff37dhfbbM/ x+vo/ti/vf9hIWyve4z3+tsR/lX9r/9WAdprn6sA7TsFoO2+jdc43j/ftvt67SPob96+1APjnK9j Xw+IXg9szXCVB0T7A/f9Gqfgf4rSUy4ebb56T7nI8sBs52ts+YDI8sDW+2suDyLLA893SMDn8drP hZdkKbB5uUuNiF4PzHm/Zimw6FIjZ3udW6kR0gB8vs574QVV4e725J5ykbXK9v21rQKLrFW236+2 6lRkrbJjvs65IJB8Vpladvz2lvh9LlvY2Z9d5N1Ka5jme7c/3T0UzvHqXjvHa3ajzlc7jDpf8wrq A09fr+1YcqvcbemKgm0+LY51vrl0rSUV26D4tHxLLlzSrbg/3r7w562zXbd1iut1TZYlODf7pL3B 8x3vyV7kYY/tQcHfYY+NlFs7uFrqBgXbRCeOGT1SdzOHV9omRdv0HXLhkm7FHWVpr2O+D+uGd5QF nNk62sjRX3sHdXlZxmu/g6I/6/jHkm+vfVu6oGSbT4tjCI7QHbd1pStsi+LT8J1yIZVuxa2ybP01 7uzJi3G+DgsQFsP6+X6y823TgwYJ+Nq21xwp3V+jpR4JWOWjZFjDuFNv8/AbVkHwUfqUlGikV7A+ 4N+HB8QC34pvgUSmrPRjhiMSBX5IATD0SMBqgX/jd+jhd1gFUeCHlGikV7AKvgW8/Xq/rBNthC/G 9hpe+OZ98LJRgIW3ZkAiHFkNhXR6DYUeCVjlo2QMxAHpdYQBWQXBR+mTUqGhXsW64FubLbUvBmvR CGvfUb82Fp+P2h8+CId0eA9db82JUvtkqBapp/ql1VX78kmp0FCvYg345s+iRBuvK6pfnOkOt3l5 LXRLRy4asPFcVNTVnCn319tTNyjY/oiW6ZzuwSZ1G2JA2G4ZI8K35MJF3QfuKMvuofdRFnFUlt1D ZZbl8PBQy2L+2rHk1+veaj2AWmUJjvBIV1hlu5RFviUXLulW3FGW4YP1oyziCM/0OJZYNx87H2XZ X+dVy3ocS1dUKYs4iecs9S7bpSzyLblwSbfijrI0pkLdnXxWzvBUZrP0YVo8N3THgAUbOUWFP4/n IbeGfS9dUbDNp8VpPixIt1u8t0LItig+Dd8pFy7pVtwqS789uPe++wv+rBxmGKMh8TXKGsc2TLUF BX/DIs+55IZuX7qi9hzJgrNhjA9dZhhhGxSflm/KAxd1H7ijLIcHnj7uVx8qCzlWcA8XBsuSl25V 1CwQdvZGUh8qufdYyc27RcXQFUXbgQ6cyxP60B2njxRhmxRt03fIhVS6FXeUxWqjzC8KZ0NK2i1L sDZmo6gPqR0tWBT9oZWnfEdOEbqiYJtPizN8OEhd6wFt2QbFp+VbcuGSbsXNsswb4z6ybfaX4Fjy 0i3FupEKzAPZ0rRwbtZFfeBpJCAp57widEnRNp8WB9lS6BrVW9omxafpO+RCKt2KW2U58dbHPr29 f1aOBT1za5Vif5y6zZ5Vio3kouDPk+tzyTdvAKkrakbvSo5Fn3Pp2uzkXrZB8Wn5lly4pFtxqyz7 5nFx5YnBUJXtHiZO1ebhLWfliV5FV0/p9Tru1COReWIwsqJdTzVLq5knhk9JiUZ6BesDfr/Q4j4r BzFbxvqF9itfokoRUg6UqSsKtksp+tU8SoWuza/OrB1RpSApFy7pVtwqiyWjFgpX1hUMZE/TZjEW NplXTZvEGN6VdU2bx1g/DCkyutAjkVlXMJA9hR7yqrCaWVf4lJRopFewBvzpqwAXBp3Pxbibl3Ra cm2D541hx7U98cvxzR1Zcw3p6a019EBcObgF48ILo9514n3RKgk+Cp8hJTzpFawBf/hMsAwcwWHw d5UzBw43fT4GDvd+HUt++EieuqTWwJEcBP/Q5cAQttfAEb5DLqTSrbhVFkvcxqMlicEWYUlpXy2p +Z/akronoSEdPoZFSyJRWhIZahHUU1uh1dWS5JNSoaFexRrw0cNLTBKDscWy5G2PqDO5QrVikjmy /iXphmRHeiJWTBKDsUV6jDqyumKSfEpKNNIrWP8/wa+jW3A4QtFYjF70VUc3Qgk5UYZuUGt0Cw5H qNDl6BW21+gWviUXLulW3CqL5ZPWxoaF4JsZVHAuDJPTsk/rrU451oFFL1HwNzZvxynHwlfqkqJt Pi3OBTzStdfnWGWbFJ+m75ALqXQrbpXFpgqWn5VVw+Rg5W/atGg7Y1Vwtt0XAMqq4WyHTzVSfr72 tnRF5aphcpB3py4KkbZz1TB9Sy5c0q24WZZxYwV8BahgINA4cUdM8hUvn99ngPJFL6u3kF4YY6RH IgNUMBBoQg8hKKxmgAqfkhKN9ArWgD/d31reCQaWacaNF88FHNe2sLiWd4YZmldKT58xhB6JXN4J BpZpQg8LOGE1l3fCp6REI72CNeAPH2AqfDIEAyuRARCzhQp/96QnpIfnQ6FHosAnQzCoJ4C0WuDT p6REI72CdcEf/dF4yFAjmA4tmsfmDbI2nn0tFjrAPlKPRGk8ZGQjyOXAsFoaD31KSjTSK1gDfvOe tfIkMZjvDMuB7DUzE3Lt7Sh5kjvaZ0qt0/XUA7HypGBcXBqGHjMhWV15knyGlPCkV7AKvhGzpnli BIyGehLAjgXVAn/4MkZIJwZ+6YGo8MkQDOgFQFit8OFTUsGjXsUa8PHqS+MRg43AHu09m0dDelMa T/f+GNLhTTIaD4nSeMhQI6CemgetrsYjn5QKDfUq1oB/+JBYax8M1aLVwdaifk3bYnKpfdPybF61 33zVaL01I2rtk5G1aHpRv7Baap8+Q0p40itYA/6OllbggxHwD9ST4J++bVXhX2jukt5Yc5ceiAJf DMGAXgCE1QofPkNKeNIrWAP+5i3NF8+sOX5WDrqUq/SBRT1zAtMtqKgre5UpvzwnTl1RsB0FBqf5 jpx0fVFvm2Fb1Idq0nynXLikW3GrLDZW5zv/XAxVqY3dMyvbhu7stvBlWUPGJU9g/EVJj/W7XoUY rFLqqbJptbwK+gzpLC2wYg34w19xb7e/3M/C6c0T28F1ks79bjc99qDobPf+lnJWZ+iSou0oMDgX Xpx0LUXyFyfbpD5Uk+475EIq3YpbZTluz2pLTBKDseXEjoKiztnRw1dMMntbZkPmeGY2JGLFJDEY W6THqCOrKybJJ6VCQ72KNeCfPpet8MkgjOPy1FEATft8wm++wr4Kd6xikyjwyRB86iXA8wFfPiUl GsEvWAP+4RtPpSOQoQZtxJ0d4TjXMsWHXlQ7U3r7zCP0QJSOIAYbNPXU1Gm1dAT6DCnhSa9gDfib z0363D3Z+qycw6toHNz4sJnTQWu+SU7qQy/rnkt+YU0rdEXBdtQsOJtXcOpOr9S0DYpPy7fkwiXd iltl2W8+v8oSHOFpWFELrB0rbrUsg+gkn1itC11RpSziCI90hVW2S1nkm/LARd0H7ijLxpXHXJlM DlYXfUa851rk2HFmqaxMjv3kWqPkly9ap66oXJlMTuP8mbpceQzba2UyfIdcuKRbcass244tmxJs xVHA3A5sQSmYbie2p0qw3S5fckz5jSMooUuqBNvgMGBKV8FUtkuwle+QC6l0K+4oy/DOU7o7Geq2 Gyar6tAbqqJ0d7N3Zna7YU4ceiBKdxeD3ZZ66tC0Wro7fYaU8KRXsAb87qsc3drnrWgbnIltAlOx +OzUPWl6BEVnG3bYQr7jiFvoioLtKDA4zftq6jZsMYRtUB+qSfiWXLikW3GrLNZ7el0oCwYWvMbE vJtLYcM6ca97D8P6+GgpxdQ+9EjkQlkwsOAVelgKC6u5UBY+JSUa6RWsD/h9DG9kn5XDPktjfWzY 6aUvUaUIKQfK1BUF26UUfXSsl4Uu+2zYBlUKknLhkm7FHWWxWcldt4CTg+WiMXFOUFu8Y2J2U7aA h4XFMZZ885201BWVW8DJwTZu6mK5KG3nFnD6lly4pFtxqywDAb9G3uAweg4MDxFZx/WdPaExbhwy k9w8HLmflNSKvMFhTUtXkVW2S+SV75ALl3QrbpXFqpD7LNHExDgx7vRLe0I2SR++Gz5F0FdTsuVS e/fcE3I9EUc2LjFwVjL0NmwHyyoIPCqfkp7aE3K9ijXg7+WEyWfl4NTG6JYyjDjR4Qb8TN468eHO 7nPJbyQYoSsqT3wkB6c2UhcnOtJ2nvhI35Lv5eTLE3eUhWtUa+AgQwNAx2k+DQ2mfjwWPjqWwkJ6 ehAJPRBl4BCDAwD1NDTQahk46DOkhCe9gjXgDywdrSxdDGbbprDlwofZ3R4LH340IBc+DNOW2b2I laWLwWxbeszDZXVl6fIpKdFIr2AN+I1va6Ug4iiN6DiIECmGGTjPRwpizq59ybEAmbqkSgoSHKYR 0lWKIdslBZHvkAupdCtulcXPS5+PsogjPO2qWBuOdT7K4meNV1m6H28t9eBULYs4wkNdYZXtUhb5 DrmQUveBO8qy+9CDg8RRFnEuHlk6cPz1vLnyceJYDanw148lv3GCP3RFwTafFufgesYVh5TnsWyD 4tPyLblwSbfiZlm6TSq3UfKRYCCv6Cc2OJlxdJs+z7PkI771kdt6vvNh0+fQI5H5SDCQV4TexhSd VjMfCZ+SEo30CtYH/BJsk4OAKWMKpvJVgq2gpHzjQUbpispgmxwEzNRFME3bGWzTt+TCJd2KW2Wx eaYfVdmaT8o+K4et2SfQgwnyAQu9BRX+/JhMyAfzW+oGBdt8mpx5c7im7mRPkG1SeFq+JRcu6T5w qyz7XOdePwsDEbTvqG7G1m4Ts6uepu02d7v3lJ6+1R96JDLyBgMRNPQQW8NqRt7wKelcp3AfWAP+ d7ZbgiEYZbvF7fYn/LLd4pj6KvZ3tluCIRhluyWsFvhluyXQSO972y3+ZcFju0UMDr99L9strv3Y bnFHud3iMHK7RcQatoOB4Vd6HJhldQ3b8hnSst3ywCr4Nhme9ShHMFSLzdceo377Ovf+oRe1raZl WfZV3tq4HrVPRtbitppHX6fiP1R/I5uW0FCvYg34J1dNckUnOUx2fXa/xYqNGzh6XdFxZ1ijoXzn JFK6QeWKTnKwKpO6WLFJ27mik74lFy7qPnBHWQafL2URR2WZiGNRlg1xupTFVyPOJT8QMUNX1CpL cIRHusIq26Us8i25cEm34lZZ/CBF3UcSQ63bQtuMfaQ++VZXr/AjG7GP1P3YT+waiCi9Qgy2buqp 3dNq6RX0GVLCo17FGvAPb651qAsOhytT6Xnq3U2P+Rjq3HueLXdgPomUblBrqAsOh6vQ5VAWttdQ F74lFy7pVtxRFnwVWV8FGPEqNh+z4lXsOM+wXoX5ahmgjLgzQJEor0KMrNKWAYpW66uAz5ASnvQK 1oCP0zf5lWThYJcLTZLdwSf5bnoERWc4J5Tygw1JuqJg+0OvWQ2t30sXu1xpu0W6mL4lFy7pVtwq ix+w8/3E5lg+K4fpy8AHEeMaPNl9ewopiv4aTkJI7usWd+oG1VbJyTlxNC50TxyHC9uk8LR8h5y4 pPvArbJYqrw/DvUnB6symC/kio3PJba7ruh0n4OdS878LnRF5YpOcrAqk7pYsUnbuaKTvikPXNR9 4I6yIDeokTc4R8zFfFKjyNq4UlYib1MVU+7f987UDWpF3uAweoYuI2vYXpE3fEsuXNKtuKMsmICV SYYYnCw0pKiaRliYuI86yWiosJCivkKPxJpkiMHJgvQ4jZDVNcmQT0mJRnoF6wN+WfRMjj6gYY7N RU35KouegpJyvvORH/6AykXP5GDhMnWxXJa2c9EzfUsuXNKtuFkWPwPGt7Oxtwfj8ML7l5ZsUxMp 7X0GQV8NC6zkOHXP0EwKhuPpm03Kw1roTqSbMj1jCh6OKRUkKD4AqwwdZ55z8CDNMeAeyPIxONxz DSNwsmF+QNmOiQN18P8aNkRfWgS8Y/ymvTVm0JdkxESdgk+IOT6tBhSMqeePbDD34CHpbD3utad0 Q3onPRHZdIKBtx96aBhhNdtN+KRUaKhXsRL+dSBlWJlHMKYOnx/5hZrVwPn4sNCq4co85G78BG3G C3t8VRgMpA2hh4wirGbCET4pFRrqVayCv0VkCfhiEP7uiX/AP6LTBfyTu2lRuC2XB4JI+MEgDOkF wO3xFWH4pFRoqFexCv7wucdq7qT5mvyMYDQgP/DSSnM3JyOavyHosWzL/1dzF42mSx02adpbzZ2+ JCMm6hR8Qtxxuivnb6IxDbtwjJnzM7PY6tTZPPaYOV84PC0d/p8zN9GYgEkHMzPZy2mbfFFGDNQp +IjYcootT798LgYXGD3HyK3cix8arqXJa5SNYIPgaZf0SKx1yWBgaVF6XHWU1bUoKZ9kBDzoPbAK Pj7vKi08GGipNlxuW7RhH0gfX5iauT03IMyrn2lWCxexWrgYaKmhhzYcVrOFh09KhYZ6Favgb6zf TNuCgczLD1EfkZRxJbPkbFzMDOlV9u+CyIQtGJFDQI9ZgqxmthY+I4cAGupVrILfkFUfmFp/Fsbt CZF/Lcgltd1qfyBdJwFHEwOfpPwIRnoiYPWDlQLG6S9BesfhL0FWSeBR+pRUaKhXsRL+MWBq1X4w UIt+E8gV9Xts+GZn1f6xc52e0gMjjvREZO0HA7UYeqjfsJq1Hz4pFRrqVayEv9/e1VZuKRop4tHW ivXRvUWuxNKvm4jPUMzhFumo/s+sUjSSQ+kga5S9TCnlC7QwQKfiq4hXQCfN4EwrDNr0sAI6vUsG VNLB/yugi0Zwpg6DNu2tgE5fpIUJOhWfEF8ehksdk0Z92dMj8vMDk85Sx1j1kwyTTtUx/191TJp1 TB3WMe1lHcsX65gYWMcFX0W8hiDRGE5ohcMMPawhiN4lAyrq6P8cgkRjOJEOhhnZyyFIvkALA3Qq PiE+MKlZOWIwkOvtJ/ICZoH+SWarOaJ58Q/KyTAInnpQL4jMEYOBXC/0kAWG1cwRwyelQkO9ilXw R7mL4LMwMJT44nAOQbsmijkE7ZgrhhRvMfRE5BAUDAwloYdBJqzmEBQ+KR3lYoQHVof/819+Oczs f/iNWwfuMlq//Z4j2Z64VOfzzart5sKWyb95O3g0duJs7zdvFmIPLtE2kEdMYLrfF3UhTcD0eDp5 +KEIN4WLlu4R03iLlUaeSBEmzp9+8+aIY8nxBn3hDMyGkhrddXsXJjBO46YfX/TtfpmVNxBfpPEl 9w6a6w47dneN9tWkG+v6txfMF5F8XLRKvw7Q+Fy+e0sBHjPkCyUHVsedPnDQ98BpDqP9H5cPj91O c93gmLLve2Y+Tm1+EsPpE5vKRh/Ac+GMltNtgL6Q+pi9E+W/udZ14Bsap/FZQbf3M50e/onWgV0i 1I9vpfoYtO+sXt+r79zlGG7PT4F4GuN7LQM0v1H1T+9gb/LaE6P7DpqtcUdeZPTWuZp6eztxmufX jca796/2tNB+w/7OzWVf9gZtFTO5UnhP0BeaEj+FNZpfl3XeIeM0Cuo03oefeT8lx/M2PjSuLOJ9 +Bc93p78Y1vHO5uWsHGUymmeqdpOybWK5dsIO+jDe4yX//D68s/5PKPaMV47fbI97f5ajPb1xhv1 vx2gL7anyxu90Q6s4X3RnjXUm4fpgNe/GPdlxANnDb7BvWW+mOXvH3j98ju2J7QH/9hf7Qntddro gPa086626V8xHkiF0DWnT8w6siG032ljq88z/bw3/N+8vIIHr7952/jZgjdbvP+t6Wt4XX7nV0Z4 ezrxpZrT2ho/fUnMaIvJnn35CuYG+sYC8IWj6EZb//P2dE2+f79Kx9uTBwnY96ubXH67GaN9t8e/ f5jytyMv6lwzMfrAVoR/A9Hgz28JvHAOYHp9bL4HPHkiAvZ5NZqfBEH/iKvSmvqrnvdJCfqL7GG2 05Y/D0OjFzx95/sLvH4uaSvl6Uh4V3ltkGmz1McYvDsw6ov3p6z6HGrvUd9jsD3G+zB6buV9+Y0r o7zPEe1N79vw4PK/aA9mds7SXvrJwB/tqeOykdXe+sbyR3vsyM9Xe/VudZT2bPXXj9LeG24kWv2h aTiI/tIO0epPbdfz6m9+zmMr/dHCIK4ijP7aJkeb6M9tCL/6e8ONNCseNMxOMl7cutlQ4cSTpWNF G8+X5gpGt7AqVjl5rlB2I0BmpLtPdmQFwvuSlHHyvjhmKoz6RXAlyhoqNBIFYb9Xclsx2u+JayWE e5fYS4i3KkARYwjwZdezDBENI98aQqxmGKI1xPgaeStDUMOK1RqiGvLANYQ1fLK0hjintzIEGj3r ENlwF8saQtvFEBhDrNHokjEEt5OXS8YQ7Sv2ZxnCDT/eUgzxXj4MoUoBmkJopAgNp1dXCtEmm2yk GFZ/DUO8UhDevJQpyo1zI5nB3AfRM7+5NzZXJj+33gwzI/92ze1csbqCJ5lTnRfriAmXT4Jdj9nY cbDLMVU7GhsD8zgbrhCO/9MvS/3ll51530DGtz3uSh2O/XFXKi3c6MeRCFrhYE95YMPqUuaBHjzP xOwVj6IrD2xKVZQHWgfESKU80I8PrnrqHWubKw/s0SiUB/IL+vUShuJwvKShlDRe4jgYh+Mlj0uN Uo1gKI+JRuJ9Z5RG5Ldw3aWRTZzAXI2QN46tRupJbyuNeOLezdXIp15adIKJm05WJ5mqu+hEfgS8 l042d5VfnXBGJ1YnncpzoxNPvIPVycfNOBpBYFzKG0feVaKYwiBi9dfbijFev/1aIQjzsWNFKFR7 XwHM3w/GzcgDx2BcjjxwKA5HHjga84DIA43G+4w80NoDgk7kgX42uETmPpT3Rx44OunIA8dg0Ii4 P9QxY1wYmrTEuOFbsHVcGZoXxLgzG7tyjEuzs8PGuGVsjqsa1/xQ/F7GvbmJ1rg40cHWuDkPBs0Y V+fJcT3GXT+ttpVxeUM1rHHb51F7Gdc9j55l3N+U90ReYM2+1zww8vbIKzYsbqy8wy9ahVx5yRZ5 lvKWvStPU16zj2feYzTaf+RFFrgu0Mqb/EIl2FNete/MWyLvsm7IPE95mV/2BfvK2/z0HPIk5XX7 pbxIed+eVxj/0Lu1/9LPF19xjn15rC3XW8/mF1uv37iA+x+tKO9fff1+52Xa+AVyYKp74qjEV5/v P2k/ff/q92//8BU8/DXFjr7skcB6hmuOH6nqd61YmHfV7Ueq+qW81tFc9UjVvI5cI1Be2x1D0fr9 /XvHv3dtN+6SjgW6eqM1b8zG93txhfXjRuslzxusHxdaL3leYP24z/rHtI6/S1F5PbafFTnzsmze W13uyg7x4+rsclV2yB83Z5ebskP+uDi7XJSd7uu92bUq/m4N3j/28Q/iPYCw2fb7Z63/4AY4cX36 d/XPH6rvH11d86E/2o/wjyuyzu/p/2D/m8VYPzBU9Xvx/2MDzp+7xTwB8DuBhYA07nGy7uRjgSH4 9U++/dNv//jT95/Z0P2TP/30N+9f/aoC+T85Lt5+VkDYMOLTcYZpL/zv/uvrr/9Wyf/iz9v/AlIt Zf9lbmRzdHJlYW0KZW5kb2JqCjMgMCBvYmoKPDwgL1R5cGUgL1BhZ2VzIC9LaWRzIFsgNyAwIFIg XSAvQ291bnQgMSAvTWVkaWFCb3ggWzAgMCA1MDQgNTA0XSA+PgplbmRvYmoKNCAwIG9iago8PAov UHJvY1NldCBbL1BERiAvVGV4dF0KL0ZvbnQgPDwvRjIgMTAgMCBSID4+Ci9FeHRHU3RhdGUgPDwg L0dTMSAxMSAwIFIgL0dTMjU3IDEyIDAgUiAvR1MyNTggMTMgMCBSID4+Ci9Db2xvclNwYWNlIDw8 IC9zUkdCIDUgMCBSID4+Cj4+CmVuZG9iago1IDAgb2JqClsvSUNDQmFzZWQgNiAwIFJdCmVuZG9i ago2IDAgb2JqCjw8IC9BbHRlcm5hdGUgL0RldmljZVJHQiAvTiAzIC9MZW5ndGggMjU5NiAvRmls dGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeJydlndUU9kWh8+9N71QkhCKlNBraFICSA29SJEu KjEJEErAkAAiNkRUcERRkaYIMijggKNDkbEiioUBUbHrBBlE1HFwFBuWSWStGd+8ee/Nm98f935r n73P3Wfvfda6AJD8gwXCTFgJgAyhWBTh58WIjYtnYAcBDPAAA2wA4HCzs0IW+EYCmQJ82IxsmRP4 F726DiD5+yrTP4zBAP+flLlZIjEAUJiM5/L42VwZF8k4PVecJbdPyZi2NE3OMErOIlmCMlaTc/Is W3z2mWUPOfMyhDwZy3PO4mXw5Nwn4405Er6MkWAZF+cI+LkyviZjg3RJhkDGb+SxGXxONgAoktwu 5nNTZGwtY5IoMoIt43kA4EjJX/DSL1jMzxPLD8XOzFouEiSniBkmXFOGjZMTi+HPz03ni8XMMA43 jSPiMdiZGVkc4XIAZs/8WRR5bRmyIjvYODk4MG0tbb4o1H9d/JuS93aWXoR/7hlEH/jD9ld+mQ0A sKZltdn6h21pFQBd6wFQu/2HzWAvAIqyvnUOfXEeunxeUsTiLGcrq9zcXEsBn2spL+jv+p8Of0Nf fM9Svt3v5WF485M4knQxQ143bmZ6pkTEyM7icPkM5p+H+B8H/nUeFhH8JL6IL5RFRMumTCBMlrVb yBOIBZlChkD4n5r4D8P+pNm5lona+BHQllgCpSEaQH4eACgqESAJe2Qr0O99C8ZHA/nNi9GZmJ37 z4L+fVe4TP7IFiR/jmNHRDK4ElHO7Jr8WgI0IABFQAPqQBvoAxPABLbAEbgAD+ADAkEoiARxYDHg ghSQAUQgFxSAtaAYlIKtYCeoBnWgETSDNnAYdIFj4DQ4By6By2AE3AFSMA6egCnwCsxAEISFyBAV Uod0IEPIHLKFWJAb5AMFQxFQHJQIJUNCSAIVQOugUqgcqobqoWboW+godBq6AA1Dt6BRaBL6FXoH IzAJpsFasBFsBbNgTzgIjoQXwcnwMjgfLoK3wJVwA3wQ7oRPw5fgEVgKP4GnEYAQETqiizARFsJG QpF4JAkRIauQEqQCaUDakB6kH7mKSJGnyFsUBkVFMVBMlAvKHxWF4qKWoVahNqOqUQdQnag+1FXU KGoK9RFNRmuizdHO6AB0LDoZnYsuRlegm9Ad6LPoEfQ4+hUGg6FjjDGOGH9MHCYVswKzGbMb0445 hRnGjGGmsVisOtYc64oNxXKwYmwxtgp7EHsSewU7jn2DI+J0cLY4X1w8TogrxFXgWnAncFdwE7gZ vBLeEO+MD8Xz8MvxZfhGfA9+CD+OnyEoE4wJroRIQiphLaGS0EY4S7hLeEEkEvWITsRwooC4hlhJ PEQ8TxwlviVRSGYkNimBJCFtIe0nnSLdIr0gk8lGZA9yPFlM3kJuJp8h3ye/UaAqWCoEKPAUVivU KHQqXFF4pohXNFT0VFysmK9YoXhEcUjxqRJeyUiJrcRRWqVUo3RU6YbStDJV2UY5VDlDebNyi/IF 5UcULMWI4kPhUYoo+yhnKGNUhKpPZVO51HXURupZ6jgNQzOmBdBSaaW0b2iDtCkVioqdSrRKnkqN ynEVKR2hG9ED6On0Mvph+nX6O1UtVU9Vvuom1TbVK6qv1eaoeajx1UrU2tVG1N6pM9R91NPUt6l3 qd/TQGmYaYRr5Grs0Tir8XQObY7LHO6ckjmH59zWhDXNNCM0V2ju0xzQnNbS1vLTytKq0jqj9VSb ru2hnaq9Q/uE9qQOVcdNR6CzQ+ekzmOGCsOTkc6oZPQxpnQ1df11Jbr1uoO6M3rGelF6hXrtevf0 Cfos/ST9Hfq9+lMGOgYhBgUGrQa3DfGGLMMUw12G/YavjYyNYow2GHUZPTJWMw4wzjduNb5rQjZx N1lm0mByzRRjyjJNM91tetkMNrM3SzGrMRsyh80dzAXmu82HLdAWThZCiwaLG0wS05OZw2xljlrS LYMtCy27LJ9ZGVjFW22z6rf6aG1vnW7daH3HhmITaFNo02Pzq62ZLde2xvbaXPJc37mr53bPfW5n bse322N3055qH2K/wb7X/oODo4PIoc1h0tHAMdGx1vEGi8YKY21mnXdCO3k5rXY65vTW2cFZ7HzY +RcXpkuaS4vLo3nG8/jzGueNueq5clzrXaVuDLdEt71uUnddd457g/sDD30PnkeTx4SnqWeq50HP Z17WXiKvDq/XbGf2SvYpb8Tbz7vEe9CH4hPlU+1z31fPN9m31XfKz95vhd8pf7R/kP82/xsBWgHc gOaAqUDHwJWBfUGkoAVB1UEPgs2CRcE9IXBIYMj2kLvzDecL53eFgtCA0O2h98KMw5aFfR+OCQ8L rwl/GGETURDRv4C6YMmClgWvIr0iyyLvRJlESaJ6oxWjE6Kbo1/HeMeUx0hjrWJXxl6K04gTxHXH Y+Oj45vipxf6LNy5cDzBPqE44foi40V5iy4s1licvvj4EsUlnCVHEtGJMYktie85oZwGzvTSgKW1 S6e4bO4u7hOeB28Hb5Lvyi/nTyS5JpUnPUp2Td6ePJninlKR8lTAFlQLnqf6p9alvk4LTduf9ik9 Jr09A5eRmHFUSBGmCfsytTPzMoezzLOKs6TLnJftXDYlChI1ZUPZi7K7xTTZz9SAxESyXjKa45ZT k/MmNzr3SJ5ynjBvYLnZ8k3LJ/J9879egVrBXdFboFuwtmB0pefK+lXQqqWrelfrry5aPb7Gb82B tYS1aWt/KLQuLC98uS5mXU+RVtGaorH1futbixWKRcU3NrhsqNuI2ijYOLhp7qaqTR9LeCUXS61L K0rfb+ZuvviVzVeVX33akrRlsMyhbM9WzFbh1uvb3LcdKFcuzy8f2x6yvXMHY0fJjpc7l+y8UGFX UbeLsEuyS1oZXNldZVC1tep9dUr1SI1XTXutZu2m2te7ebuv7PHY01anVVda926vYO/Ner/6zgaj hop9mH05+x42Rjf2f836urlJo6m06cN+4X7pgYgDfc2Ozc0tmi1lrXCrpHXyYMLBy994f9Pdxmyr b6e3lx4ChySHHn+b+O31w0GHe4+wjrR9Z/hdbQe1o6QT6lzeOdWV0iXtjusePhp4tLfHpafje8vv 9x/TPVZzXOV42QnCiaITn07mn5w+lXXq6enk02O9S3rvnIk9c60vvG/wbNDZ8+d8z53p9+w/ed71 /LELzheOXmRd7LrkcKlzwH6g4wf7HzoGHQY7hxyHui87Xe4Znjd84or7ldNXva+euxZw7dLI/JHh 61HXb95IuCG9ybv56Fb6ree3c27P3FlzF3235J7SvYr7mvcbfjT9sV3qID0+6j068GDBgztj3LEn P2X/9H686CH5YcWEzkTzI9tHxyZ9Jy8/Xvh4/EnWk5mnxT8r/1z7zOTZd794/DIwFTs1/lz0/NOv m1+ov9j/0u5l73TY9P1XGa9mXpe8UX9z4C3rbf+7mHcTM7nvse8rP5h+6PkY9PHup4xPn34D94Tz +2VuZHN0cmVhbQplbmRvYmoKOSAwIG9iago8PAovVHlwZSAvRW5jb2RpbmcgL0Jhc2VFbmNvZGlu ZyAvV2luQW5zaUVuY29kaW5nCi9EaWZmZXJlbmNlcyBbIDQ1L21pbnVzIDk2L3F1b3RlbGVmdAox NDQvZG90bGVzc2kgL2dyYXZlIC9hY3V0ZSAvY2lyY3VtZmxleCAvdGlsZGUgL21hY3JvbiAvYnJl dmUgL2RvdGFjY2VudAovZGllcmVzaXMgLy5ub3RkZWYgL3JpbmcgL2NlZGlsbGEgLy5ub3RkZWYg L2h1bmdhcnVtbGF1dCAvb2dvbmVrIC9jYXJvbiAvc3BhY2VdCj4+CmVuZG9iagoxMCAwIG9iago8 PCAvVHlwZSAvRm9udCAvU3VidHlwZSAvVHlwZTEgL05hbWUgL0YyIC9CYXNlRm9udCAvSGVsdmV0 aWNhCi9FbmNvZGluZyA5IDAgUiA+PgplbmRvYmoKMTEgMCBvYmoKPDwKL1R5cGUgL0V4dEdTdGF0 ZQovQ0EgMS4wMDAgPj4KZW5kb2JqCjEyIDAgb2JqCjw8Ci9UeXBlIC9FeHRHU3RhdGUKL2NhIDAu NDAwCj4+CmVuZG9iagoxMyAwIG9iago8PAovVHlwZSAvRXh0R1N0YXRlCi9jYSAxLjAwMAo+Pgpl bmRvYmoKeHJlZgowIDE0CjAwMDAwMDAwMDAgNjU1MzUgZiAKMDAwMDAwMDAyMSAwMDAwMCBuIAow MDAwMDAwMTYzIDAwMDAwIG4gCjAwMDAwMDc2MDAgMDAwMDAgbiAKMDAwMDAwNzY4MyAwMDAwMCBu IAowMDAwMDA3ODM1IDAwMDAwIG4gCjAwMDAwMDc4NjggMDAwMDAgbiAKMDAwMDAwMDIxMiAwMDAw MCBuIAowMDAwMDAwMjkyIDAwMDAwIG4gCjAwMDAwMTA1NjMgMDAwMDAgbiAKMDAwMDAxMDgyMCAw MDAwMCBuIAowMDAwMDEwOTE3IDAwMDAwIG4gCjAwMDAwMTA5NjYgMDAwMDAgbiAKMDAwMDAxMTAx NSAwMDAwMCBuIAp0cmFpbGVyCjw8IC9TaXplIDE0IC9JbmZvIDEgMCBSIC9Sb290IDIgMCBSID4+ CnN0YXJ0eHJlZgoxMTA2NAolJUVPRgo= --=-=-=--