From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:bcc0::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id MAGyKwDqZWAx6wAAgWs5BA (envelope-from ) for ; Thu, 01 Apr 2021 17:42:56 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id sAygJQDqZWBiAwAA1q6Kng (envelope-from ) for ; Thu, 01 Apr 2021 15:42:56 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5E83D20F13 for ; Thu, 1 Apr 2021 17:42:56 +0200 (CEST) Received: from localhost ([::1]:50746 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lRzTD-0000hP-GC for larch@yhetil.org; Thu, 01 Apr 2021 11:42:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:51136) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lRzT3-0000gr-SY for guix-devel@gnu.org; Thu, 01 Apr 2021 11:42:45 -0400 Received: from mail.zaclys.net ([178.33.93.72]:59447) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lRzSz-0001vk-QU; Thu, 01 Apr 2021 11:42:45 -0400 Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 131FgZ5K007676 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 1 Apr 2021 17:42:35 +0200 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 131FgZ5K007676 Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1617291755; bh=aYsYg+grnLDgdLvOhBKo0vvrbTW9fVrwgSOUEUZvRNs=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=gM//jzQivqT/IUPoNIiqmetVFO1Q0D3/a2cwLl17VbP9mHgiN5mDSHB1RwtlLTB6S GfE9Xp4I/YZKOd1/0wbCoPHaF+ZvzCl1aRQCgENSGqvRfCVrKz8rMnEMOl7A+TNfG/ 245OQ5+ikujE1jGBQ0GubGR+vcuR9oHPRqhDWivA= Message-ID: Subject: Re: Security patching and the branching workflow: a new security-updates branch From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: Ricardo Wurmus Cc: Ludovic =?ISO-8859-1?Q?Court=E8s?= , zimoun , guix-devel@gnu.org Date: Thu, 01 Apr 2021 17:42:23 +0200 In-Reply-To: <87blay2gsj.fsf@elephly.net> References: <864kgshnfp.fsf@gmail.com> <33f1494fd4ad899a4a9851c002a534f1c69861b7.camel@zaclys.net> <87lfa33tbo.fsf@gnu.org> <87blay2gsj.fsf@elephly.net> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-iN2bKvNVRDyQG/x6KRws" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Received-SPF: pass client-ip=178.33.93.72; envelope-from=lle-bout@zaclys.net; helo=mail.zaclys.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1617291776; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=aYsYg+grnLDgdLvOhBKo0vvrbTW9fVrwgSOUEUZvRNs=; b=Dr0uuIBPIg9xmfY+f+7znkD7cX1RzZ014NiilQDw8z1k1/IcKzDDF+51WEviqvV1foAvco nmgncAJ4j4Ofjf7rq5KQ3HidOGK62/4Lm6vj/uKTGYi7dMK+vQ+sFkVHHlgMBSIpO+T0mN IridZvRHNmaC/OrOtK0n5mXFjtIFruk2A/mQKdMDXjK8wCxqKXRN0+1JY5TNJB1Jbc4qiR Bs2ENBkXrLS1oeoVnVZtEltwIyy8tyTVWipowUAG9xk6DJQaksYOUYGSRF0D/i7Hqitj1W 6wzDlmR0W9VlFOwxATXD2deyQFdEN8U0gEPA7WL6g8JVLmdWDHrn5Ao4cMcASA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1617291776; a=rsa-sha256; cv=none; b=d5QS8ryLx/RT9kp8obVHmoQG0Mc82wHUabTR2ryIpwqDKY6m7rAndA/ucKU4xuMyl84OS/ ko3YDylALRjYl1hIzlF4/KWZRbhy0zt/4YpyLgRVWqQGehcgcZhAIDpixHwldKqPPMU8gG 20FucctJa3MAly/GzBRVJK0afiPQVq8OoBJ3ct7lgN/fcVytQIb8vx0XjXqUaOKBKlLPuQ lPqfW1GhNcWrzgjru82t2HQcL2lskS9TKHHz8mT9715Hlx9aLaBbK2aEwOEPE67BCGqNEv GifQ4MCIcveMsQMT/T876h5ujOnHFJCYfzbhHDdTVxGTdCeBzWl59LQ1ti9d6g== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=zaclys.net header.s=default header.b="gM//jzQi"; dmarc=pass (policy=reject) header.from=zaclys.net; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -3.73 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=zaclys.net header.s=default header.b="gM//jzQi"; dmarc=pass (policy=reject) header.from=zaclys.net; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 5E83D20F13 X-Spam-Score: -3.73 X-Migadu-Scanner: scn0.migadu.com X-TUID: 4nCiW/Ns7gCh --=-iN2bKvNVRDyQG/x6KRws Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sorry for duplicated email, On Thu, 2021-04-01 at 16:58 +0200, Ricardo Wurmus wrote: > I don=E2=80=99t think we should have a security-updates > branch, because the role of that branch is effectively taken by > staging. I don't think that's the case because staging is documented for things that do not make too many rebuilds (in which case they'd go to core- updates), and some times security updates do cause rebuilds in the 1800+ and they could not go through staging. The proposed security- updates branch would not have that limitation. We could of course also revisit the policy for staging and prioritize security updates through that branch while also committing to actually merging that branch on schedule. L=C3=A9o --=-iN2bKvNVRDyQG/x6KRws Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBl6d8ACgkQRaix6GvN EKaN3g/7BRbmlVNwsjWjANOSr4QI6MZMuwhmkabBVTq4RNNoJmgBTd39oCdxg6kv VEPtB7zsQUzoQxYRueGbri5TH85TlIjdDolK5SFL0gFG5mCMSi+ms/3a7E7ZvfBg sf66SSMfT0TyOSPgZp2tRLL4Gxw/q81QspZoI6tVu0iqIWDwUYFaWwW14MDPwAZe AAfOsL0P8ep7DGI+Qpnxj3Jw1CY/IZnrv4PiQ938UQYhX/zMC8/b7wThmgBH1GzH u7Nd8W+sWEsqaSvp/HfTEXMXgwbjYNFG0Lmzn3cG10wjPE8FNs9d7aqnOQ2F8GUB Efp6XuA64UzcKAedfMvPYJJSfNZ/m0jR8Qi1Zb3QMu5HaF6aE5x8ZvLiC1OaiEOL 1DrmQkoqXQAi4PTB3KureYDHhH0yhIAcLLjCURsdtes3YnE5R8YQckNGoyvS2jFE n8J1pBWWyfGoXrClxkkW10jWPBZXfDwSu1Mv/I8uwmFN4daSglRk6yFbTZ9De/sG YlMw9j2di2MNJZ3vlncElA22GT30XXj+R4P7TkJ2UNhVpHREaG7nSy+gHRB8PhaV zNXLTrc+phpMkQGlXd0lUgSRqM5ZPm+uSCNwp0aVjTQsjx9E1akxSCWc7qynFGH4 +wWsMXXnnYZlmlqVsz+rWDQKEiwo+OJuufx1YQNsRiGEjW5lyj4= =u6IV -----END PGP SIGNATURE----- --=-iN2bKvNVRDyQG/x6KRws--