From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp0 ([2001:41d0:8:6d80::])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by ms0.migadu.com with LMTPS
	id 6CB0GYyoW2DL5QAAgWs5BA
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 24 Mar 2021 22:01:00 +0100
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id sPFIFYyoW2AHGQAA1q6Kng
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 24 Mar 2021 21:01:00 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 1D93E2341E
	for <larch@yhetil.org>; Wed, 24 Mar 2021 22:01:00 +0100 (CET)
Received: from localhost ([::1]:59052 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1lPAcd-0007du-87
	for larch@yhetil.org; Wed, 24 Mar 2021 17:00:59 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:49596)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@famulari.name>) id 1lPAXf-0002Oa-RI
 for guix-devel@gnu.org; Wed, 24 Mar 2021 16:55:51 -0400
Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:39587)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@famulari.name>) id 1lPAXd-0006rJ-Fq
 for guix-devel@gnu.org; Wed, 24 Mar 2021 16:55:51 -0400
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailout.west.internal (Postfix) with ESMTP id 8F9C51340;
 Wed, 24 Mar 2021 16:55:46 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute1.internal (MEProxy); Wed, 24 Mar 2021 16:55:46 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=LvbACxaSp9jzv2Tjke0tLyqx
 /G2XM7XCZd+TNLrxUVo=; b=SPgvHrpw6biricwnICoPQvZ6FihKreDYtez0ea4k
 Eag/PLN9BJSnevlP5NSHdMX13zHD6Ne8O5XX3dOXMoTJ0Tk8n9IBlhvU+erj52F6
 j7Db7Ht6Orz6irouKHcy05V+sw7oKYNSxomSRS3zqeuWPqdKGyCsislpL0DU4xYn
 K6c=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=LvbACx
 aSp9jzv2Tjke0tLyqx/G2XM7XCZd+TNLrxUVo=; b=CQcHNWYQPV1CUhPF0RRLNE
 DcUd2em/KPT/nFNy8tsO/NtXfDdZT2KFmSNnNZx7ErzPmQ7fp5xaAD5ixNoVHwQB
 AEKLAaww5gNmL5RvH0r4UfItjaxk3aXP+B/vnikwhZp2dyKCtk88OR73OT9J1GRt
 SnCfueiZaMhfnrt4aU1J+tKj71GQo0rdQhuMqCx9u7Qz7tw1jclnSa+HuuOiO2x4
 eBI6FX+zzVg/jjeMOqmEveRBHXMRBKDQQwWRvufJOmb1wt9apuHhF/PkPGmYaMYl
 UEDK23pZQP7edd+tfLT2X+9zs6PuvN8yJwEO4xZ/AmserOPdw4kJO4YRScaytXpg
 ==
X-ME-Sender: <xms:UadbYOEMVNCIolpLhsk8V3qvpnLdRt_FlCbicXE2Qk16dxvqh6mOqA>
 <xme:UadbYGVi9pdmZ8ZAFaKFZrK2xnPeSajUmSq4yqzwAM_joGq6t5CNHxtmJT-QiB_HY
 BM6Y-3aUmUI-4NqWA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudegkedgudegvdcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
 enucfjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcu
 hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth
 htvghrnhepueekkedtffdvtddugeejgedtvefhueefiedvjeeitdeigedtveejvdejheff
 vefgnecukfhppedutddtrdduuddrudeiledruddukeenucevlhhushhtvghrufhiiigvpe
 dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:UadbYNKwVMkF5t6vYUx-8HbpS3AEKr4Bxd2Qu_WNq9eb-7-8Kgk7Gw>
 <xmx:UadbYG8DpMaUzEOsBaeHiFRRBKVtnwJfs1rxW1NgRKJukDpYMi7zLw>
 <xmx:UadbYAJmgAg3MmZtGwGJQ-u_Ciaea5C3ezZ_e1MD_gGt5TJPDEKcYQ>
 <xmx:UqdbYJt5ylEZO9Z16WNiaM_CR0LPmt8D2SuBaMkcUwTyRMelTqO15w>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id 5FCE4240356;
 Wed, 24 Mar 2021 16:55:45 -0400 (EDT)
Date: Wed, 24 Mar 2021 16:55:43 -0400
From: Leo Famulari <leo@famulari.name>
To: Vincent Legoll <vincent.legoll@gmail.com>
Subject: Re: [opinion] CVE-patching is not sufficient for package security
 patching
Message-ID: <YFunT7QXRlnLsPIO@jasmine.lan>
References: <9b9a43a584e2dc70488482fce5931b46abd0e006.camel@zaclys.net>
 <87v99qit39.fsf@netris.org> <877dm29iog.fsf@gnu.org>
 <20210322144404.1636b9cf@riseup.net> <875z1hv5tt.fsf@elephly.net>
 <YFuYKgZgcf44KswI@jasmine.lan>
 <CAEwRq=qnHcbWeKxiPQZ2NxtBmwKx=t8t7qsPLMyTWEjArOY4aw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAEwRq=qnHcbWeKxiPQZ2NxtBmwKx=t8t7qsPLMyTWEjArOY4aw@mail.gmail.com>
Received-SPF: pass client-ip=64.147.123.21; envelope-from=leo@famulari.name;
 helo=wout5-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Cc: guix-devel <guix-devel@gnu.org>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1616619660;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=LvbACxaSp9jzv2Tjke0tLyqx/G2XM7XCZd+TNLrxUVo=;
	b=kFnu6DESj2orPqLL4nJ92y1c1Vv3hhEieGk+vBbnyCJ0NsNVXqCsVam4vdwwrHr1suJlYp
	tlt4Hq3Uz97xoMO93ALPjsu/ZYMUkfZFVI0unQFFLFqfmz50iyuAcAgwMhnXIWtHRHF/fB
	yt6wO30PWKKLz1thluDBBZt+qZD6PTbgeOPcRRrwepHGq0yvQplAxqlUb9bial5MYMqJqT
	JWOWRj2gsGjDTd6XGwDfk23fc1BJoTkKYiv8OVXNLI9RBnKJ5TgoRNlS7B+2O8tAz453o6
	x4G6zrY4W6z8loPrMSlRl9b+zn5+LcdhVSaCmxTURLqUJ/X3QOgbWsax9WHetw==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616619660; a=rsa-sha256; cv=none;
	b=hlBVQouT08SQ7WBrMxLKWdm6EnVR4ApQs4OXlXMHMOiCuKQcmCSPi72qeBbA0gyvAji28k
	7TkX2NTuxSnyAgtSunb+3eM54LnN7fssF0TSPleFBDjDIV3ryX8INDmK6nAQQSyAes5bnF
	xl2dOp6PeFQh5Wn0CuFFn3jzw+RDn/NjaIPPz7tMpJJL70m0MapXqV9T2OFQZPBZc8w6wg
	Fd0LKW93d8/WM6wvVT1H8e2muRBjHqUAWCQFMbOAjc6qffh5N01Cwq9FqB2m4/QhN1P2f6
	XPZ/CfipIrDDtCzGlWcUwDfPm+6aJPTX0KS7Lx2EVp5P3z+WJ+m7fD3Scm8tWw==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=SPgvHrpw;
	dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=CQcHNWYQ;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Spam-Score: -1.42
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=SPgvHrpw;
	dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=CQcHNWYQ;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Queue-Id: 1D93E2341E
X-Spam-Score: -1.42
X-Migadu-Scanner: scn0.migadu.com
X-TUID: hF7LhbHJqKV9

On Wed, Mar 24, 2021 at 09:24:40PM +0100, Vincent Legoll wrote:
> I already volunteered (privately) to host the same (1 or 2 WS power-class),
> currently on ADSL uplink (so not for substitute distribution, only building),
> FTTH in the future, no UPS though.

The architecture of the build arm is such that substitutes are
distributed centrally, so you wouldn't have to worry about slow uplink,
as long as it's fast enough to pragmatically send build artifacts to the
central node.