From: Mark H Weaver
To: Maxim Cournoyer
Cc: 43160@debbugs.gnu.org, Leo Famulari
Subject: [bug#43160] Validate the result of our linux-libre sources clean up
Date: Fri, 04 Sep 2020 11:21:47 -0400
Message-ID: <874kodsh21.fsf@netris.org>
In-Reply-To: <87h7sedz0w.fsf_-_@gmail.com>

Hi Maxim,

Maxim Cournoyer writes:

> I'd like to point you to the following patches, as they touch the
> generation of the linux-libre sources, in case they hadn't caught your
> attention: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43160.

Thanks very much for bringing this to my attention. I do not subscribe
to the guix-patches list, so I would not have seen this otherwise.

I'm in favor of the following patches:

  gnu: linux-libre: Use Python 3 in make-linux-libre-source.
  gnu: make-linux-libre-source: Set output port buffering to line mode.
  gnu: linux-libre: Validate that the cleaned up tarball is free of blobs.

Thanks for these. Please push them whenever you feel is appropriate.

On the other hand, I'm strongly opposed to the following patch:

  gnu: linux-libre: Compare generated sources against Linux-libre releases.

I'm opposed to it because it would make it prohibitively difficult to
push micro kernel updates (most of which contain potential security
fixes) before Linux-libre has published their tarball release. It would
also make it prohibitively difficult to perform deblobbed bisections
between two adjacent versions from the upstream stable git repository.

In my opinion, at minimum, the 'linux-libre-upstream-source' argument to
'make-linux-libre-source' should be optional.

I find it depressing that Jason's and Alexandre's attempts to browbeat
us to limit ourselves to deblob only the precise tarballs that they
produce, and to always wait for them to produce them before pushing
security fixes (although it takes less than 10 minutes to look over the
upstream commits for new blobs) have gained traction here.

Thanks,
Mark