From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:bcc0::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id 6KLbIKecXGDMXAEAgWs5BA (envelope-from ) for ; Thu, 25 Mar 2021 15:22:31 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id 6HJ+HKecXGC6UwAAB5/wlQ (envelope-from ) for ; Thu, 25 Mar 2021 14:22:31 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1BAEDFFA6 for ; Thu, 25 Mar 2021 15:22:31 +0100 (CET) Received: from localhost ([::1]:40462 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lPQsY-0005zO-64 for larch@yhetil.org; Thu, 25 Mar 2021 10:22:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:46832) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lPQsQ-0005zD-Bc for guix-devel@gnu.org; Thu, 25 Mar 2021 10:22:22 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:51812) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lPQsP-0005m8-TT; Thu, 25 Mar 2021 10:22:21 -0400 Received: from [2a01:cb18:832e:5f00:6893:84b0:dbe3:3cb1] (port=45066 helo=mathieu-HP-EliteBook-840-G1) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lPQsO-0001R7-T6; Thu, 25 Mar 2021 10:22:21 -0400 From: Mathieu Othacehe To: Leo Famulari Subject: Re: [opinion] CVE-patching is not sufficient for package security patching References: <9b9a43a584e2dc70488482fce5931b46abd0e006.camel@zaclys.net> <87v99qit39.fsf@netris.org> <877dm29iog.fsf@gnu.org> <20210322144404.1636b9cf@riseup.net> <875z1hv5tt.fsf@elephly.net> Date: Thu, 25 Mar 2021 15:22:16 +0100 In-Reply-To: (Leo Famulari's message of "Wed, 24 Mar 2021 15:51:06 -0400") Message-ID: <87o8f7b9ev.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1616682151; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=8GzgFJOjIe/9HHS7ODUwAOG8jerP9G0N8uaEm0xcNp4=; b=oHGHDv7RHqNCyl+b7Ey7jzXOPkkKkPm+IpCRl0PLy9/WCYJecWoFkbsE4v6ermOOmQ4+6b qitBA9fnq6t6pP4M9DNDe4fcmPQUxQS1QSKtnj09dI4PNBMLcf5y/zL6BSaq62loSP4P9X 5G59WaMEm/6mWsbtjT1vdru1Qo1CbwJCKz6+NyaN8j+CUb2dzT4IhPtUIpIAqYM7RIoacQ eYcUWgzN9bKufUyah5RtTBb9gEqSSzmJyKJ5KU/P0d1+uBXOMr8bkLx5jW6JawXQCv4hs6 EnKnuXDks9uIRV8sCdvXMLYypFs6y7gZUdxIzGTrlkn8olQEQWqC6mjSxwIJgA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616682151; a=rsa-sha256; cv=none; b=pk90V6ETySqExEsBnKHTepofdu6YhGo8/g7uBDdiOzQBiylT+A7neqLNDOldgol0IQwWsi i27qrZ6Pu80SyEhArdCceh1OQJyjKU/81FuEFDtyR0x8XrT6RZMWGYSwXqHnSaNtDwJ045 kMIhy71jJUnxNfO/BzH9FTOs/Yr+s10Jg/DzfVlbcFpw6ZcnFP+4OzXo+heGIwkHwMkpp3 1VqYNDxnZoR6g+y105SIwTPUfHa5l57Majaoy6SeFT7wzqQ9OaT8VmIfVEGRdbSZd3pMFF Cklok7CpgDw8qzkvRRT6zaELt4N/hGdm4pH+vHf1qD3EYdkJK1yal5SFADKepQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -2.92 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 1BAEDFFA6 X-Spam-Score: -2.92 X-Migadu-Scanner: scn0.migadu.com X-TUID: 3p+cPzmQkKJE Hello, > Concretely, this would mean a Honeycomb LX2 or Ampere ALTRA workstation, > since I don't believe there are any other aarch64 workstations available > for sale. > > https://www.solid-run.com/arm-servers-networking-platforms/honeycomb-workstation/ > https://store.avantek.co.uk/ampere-altra-64bit-arm-workstation.html I recently added a new metric in Cuirass: "Builds count per machine during the last day". Turns out the overdrive1 with its two workers seems to outperform the hydra-guix-X running emulated builds on four workers. As soon as the other overdrives are back online, the situation will hopefully be a tiny bit better. Buying and hosting other machines such as the ones you mentioned could also help here. The Wireguard tunnel between berlin an the overdrive1 works fine and configuring those machines with something similar to "hydra/modules/sysadmin/overdrive.scm" should be enough to add them as Cuirass workers. Thanks, Mathieu