From: Chris Marusich <cmmarusich@gmail.com>
To: Christopher Baines <mail@cbaines.net>
Cc: guix-devel@gnu.org
Subject: Re: Security related tooling project
Date: Sat, 03 Apr 2021 22:09:24 -0700 [thread overview]
Message-ID: <87mtuebpq3.fsf@gmail.com> (raw)
In-Reply-To: <874kgn4plq.fsf@cbaines.net> (Christopher Baines's message of "Sat, 03 Apr 2021 11:41:37 +0100")
[-- Attachment #1: Type: text/plain, Size: 1385 bytes --]
Christopher Baines <mail@cbaines.net> writes:
> In terms of looking at security from a project perspective, I'm thinking
> about these kinds of needs/questions:
>
> - What security issues affect this revision of Guix? (latest or otherwise)
>
> - How do Guix contributors find out about new security issues that
> affect Guix revisions they're interested in?
>
> From the user perspective, I want to look at things like:
>
> - How do I find out what (if any) security issues affect the software
> I'm currently running (through Guix)?
>
> - How can I get notified when a new security issue affects the software
> I'm currently running (through Guix)?
>
> Please let me know if you have any comments or questions!
I think this is a great plan! The last two points in particular are
particularly useful, I think.
Everyone needs security. I think Guix is in a unique position where it
is so easy to modify packages that (in theory, at least) anyone who
cares can figure out how to submit a change to upgrade and fix security
vulnerabilities.
People and companies are more likely to go out of their way to fix
packages they care about. Therefore, making it easy to identify
vulnerabilities in specifically the packages they care about, and making
it easier to get involved in the community to fix them, are important
goals.
--
Chris
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 861 bytes --]
next prev parent reply other threads:[~2021-04-04 5:10 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-03 10:41 Security related tooling project Christopher Baines
2021-04-03 16:13 ` Security related tooling project OFF TOPIC PRAISE Joshua Branson
2021-04-04 8:17 ` Christopher Baines
2021-04-04 13:35 ` Joshua Branson
2021-04-03 21:44 ` Security related tooling project Léo Le Bouter
2021-04-04 8:24 ` Christopher Baines
2021-04-04 5:09 ` Chris Marusich [this message]
2021-04-04 8:27 ` Christopher Baines
2021-04-04 10:43 ` Xinglu Chen
2021-04-04 20:32 ` Chris Marusich
2021-04-17 15:20 ` Ludovic Courtès
2021-04-18 2:49 ` Bengt Richter
2021-04-23 20:34 ` Christopher Baines
2021-04-23 20:32 ` Christopher Baines
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mtuebpq3.fsf@gmail.com \
--to=cmmarusich@gmail.com \
--cc=guix-devel@gnu.org \
--cc=mail@cbaines.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).