From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp2 ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id MNYKDQeAWmArRwAA0tVLHw
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 23 Mar 2021 23:55:51 +0000
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2 with LMTPS
	id CCO9CAeAWmAcfwAAB5/wlQ
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 23 Mar 2021 23:55:51 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id DEC231E738
	for <larch@yhetil.org>; Wed, 24 Mar 2021 00:55:50 +0100 (CET)
Received: from localhost ([::1]:50552 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1lOqsH-0005TF-W2
	for larch@yhetil.org; Tue, 23 Mar 2021 19:55:50 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:47460)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mhw@netris.org>) id 1lOqs9-0005SD-7I
 for guix-devel@gnu.org; Tue, 23 Mar 2021 19:55:41 -0400
Received: from world.peace.net ([64.112.178.59]:51044)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mhw@netris.org>) id 1lOqs7-0007fR-JZ
 for guix-devel@gnu.org; Tue, 23 Mar 2021 19:55:40 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@netris.org>)
 id 1lOqs4-0000Vo-Sc; Tue, 23 Mar 2021 19:55:36 -0400
From: Mark H Weaver <mhw@netris.org>
To: Joshua Branson <jbranso@dismail.de>, raingloom <raingloom@riseup.net>
Subject: Re: [opinion] CVE-patching is not sufficient for package security
 patching
In-Reply-To: <87tup1lu0v.fsf@dismail.de>
References: <9b9a43a584e2dc70488482fce5931b46abd0e006.camel@zaclys.net>
 <87v99qit39.fsf@netris.org> <877dm29iog.fsf@gnu.org>
 <20210322144404.1636b9cf@riseup.net> <87tup1lu0v.fsf@dismail.de>
Date: Tue, 23 Mar 2021 19:53:55 -0400
Message-ID: <87y2edifyp.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@netris.org;
 helo=world.peace.net
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Cc: guix-devel@gnu.org
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1616543751;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post; bh=d0n2ZdZ5OlfWK63TZW81xEmFXcxae78Gbg6vH4vG6PM=;
	b=Gb8FA/Dtth/alSHP33mMQTj5+gl20gASt/snJKUr9SJgCssX1zNI5gUOd+SCzriOMf3MdK
	R8H7BxwmiB4co7G4dSRHxAZqLbEDnECsVV9oZyg85Jys8zOtcLbBLPJKo1cWKf9vrmQCVq
	Rz97oO+ygELz5CAmYe6ywad6RRzPmZ3gIpccsecnNa8qsnF8elGtYOl2roOhpkqkAX+FJq
	aMoIdKDLnX3MGnqtZal51BGR+L3xCu3in5qh+MPvY2u9m7a65WZV2qCb6Hmihse8Ywytf+
	XuOfj863dOa1gaFnWQ1kHHgxIU2li94RyulXIVEdElvnDqjQZx3RPmvHrcs3Yw==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616543751; a=rsa-sha256; cv=none;
	b=HROw6ITfWtmVFTtbjTkQjbTeF59VSwQzIdnNdGYlbY3Eb9gFnR0YOsjZ38lUjDUFWGGGPr
	lc8kL2WBj6DHiMl3wyPd/VXbAgPe/OYaOIywDrhgTgkJfisae1m5ToaTs+En3vt+PgkEcq
	3iVuTuIuyZtbCECjIwdFYp0XXWjcSXMHuRDYYABoFi7ynMTT4blnxuKckzGfNCUN43+1s4
	YEDfZ5NfYGP+m1PdjoNbTPNljWHzbIb1KkrwnA1xnJrX7Z+OVL7vccLoE0V0bEGRSubQOe
	xaGtiP7c9ZvsLrVA9hXkrqgidf7eP2AhVCWlaWUUcQjSPWAQBEJLw20ZnKc1zA==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Spam-Score: -2.42
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Queue-Id: DEC231E738
X-Spam-Score: -2.42
X-Migadu-Scanner: scn0.migadu.com
X-TUID: cPypompN11lo

Joshua Branson <jbranso@dismail.de> writes:

> raingloom <raingloom@riseup.net> writes:
>>
>> What about a Liberapay for Guix? Could also be used to pay developers.
>>
>
> I'd be game for something like this.  We could have a guix membership.
> Drew Devault has a "secret irc" channel for paying patreons.  Perhaps we
> could advertise a guix membership on the guix site.

Then, the Guix leadership would have to decide which Guix developers are
worthy of funding, and how much.  Those who are excluded may feel that
their contributions are insufficiently valued, and therefore feel
alienated.  Sounds to me like it would open up a huge can of worms, so
to speak.

     Regards,
       Mark