From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp0 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id iDljJhGLW186IwAA0tVLHw
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 11 Sep 2020 14:34:57 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id QF7rIBGLW1+OJgAA1q6Kng
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 11 Sep 2020 14:34:57 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 1A5389400D3
	for <larch@yhetil.org>; Fri, 11 Sep 2020 14:34:57 +0000 (UTC)
Received: from localhost ([::1]:42958 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1kGk8d-0000t6-Qt
	for larch@yhetil.org; Fri, 11 Sep 2020 10:34:56 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55306)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kGk7n-0000qh-Bw
 for bug-guix@gnu.org; Fri, 11 Sep 2020 10:34:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:33488)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kGk7n-0004tV-36
 for bug-guix@gnu.org; Fri, 11 Sep 2020 10:34:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1kGk7n-0003uh-0A
 for bug-guix@gnu.org; Fri, 11 Sep 2020 10:34:03 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#43075: Prioritize providing substitutes for security-critical
 packages with potentially long build times
Resent-From: "Dr. Arne Babenhauserheide" <arne_bab@web.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Fri, 11 Sep 2020 14:34:02 +0000
Resent-Message-ID: <handler.43075.B43075.159983479914967@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 43075
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: zimoun <zimon.toutoune@gmail.com>
X-Debbugs-Original-Cc: bug-guix@gnu.org,
 Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>,
 chaosmonk <chaosmonk@riseup.net>, 43075@debbugs.gnu.org
Received: via spool by 43075-submit@debbugs.gnu.org id=B43075.159983479914967
 (code B ref 43075); Fri, 11 Sep 2020 14:34:02 +0000
Received: (at 43075) by debbugs.gnu.org; 11 Sep 2020 14:33:19 +0000
Received: from localhost ([127.0.0.1]:45030 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1kGk74-0003tL-RB
 for submit@debbugs.gnu.org; Fri, 11 Sep 2020 10:33:19 -0400
Received: from mout.web.de ([212.227.15.14]:35895)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <arne_bab@web.de>) id 1kGk71-0003t5-TK
 for 43075@debbugs.gnu.org; Fri, 11 Sep 2020 10:33:17 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de;
 s=dbaedf251592; t=1599834786;
 bh=kZCSxxpEOmaJBd4IG0WQ3184DADOKvKUsVGdmOQmwsw=;
 h=X-UI-Sender-Class:References:From:To:Cc:Subject:In-reply-to:Date;
 b=VUUqe6LQ8TtexWScfdqafXE6N0d0164JXhiuSM+WR0232dDypwQIGlxwpWRAbC1sH
 TDOflKbyCN5mnZyHFwt1g5eo6u1ru3eVYj7n5shWl9hN2NKRHkshQ1FURERw0ngHaI
 3zro5jMN2RiUmoWXaNgqSV1RDyf0LK8Hd7R2To/w=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from fluss ([80.136.29.179]) by smtp.web.de (mrweb004
 [213.165.67.108]) with ESMTPSA (Nemesis) id 0MDSxB-1kJodz2EbV-00Gu8m; Fri, 11
 Sep 2020 16:33:06 +0200
References: <2WPQFQ.3JQYOGZG7WXZ@riseup.net> <87bliejc3j.fsf@gnu.org>
 <CAJ3okZ3_u1TWLRjM_di62W0AfvsNifWpvKyRyaWgh727Qk4HBg@mail.gmail.com>
 <878sdg7qej.fsf@gnu.org>
 <CAJ3okZ30O-Y-1QyKymxwGh6WCcxKiqKizogiT=A5Sy76Ef3gVA@mail.gmail.com>
User-agent: mu4e 1.4.13; emacs 27.1
From: "Dr. Arne Babenhauserheide" <arne_bab@web.de>
In-reply-to: <CAJ3okZ30O-Y-1QyKymxwGh6WCcxKiqKizogiT=A5Sy76Ef3gVA@mail.gmail.com>
Date: Fri, 11 Sep 2020 16:33:00 +0200
Message-ID: <87a6xwjsdf.fsf@web.de>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Provags-ID: V03:K1:9xx7TRzPXY+HXHxyoit4pAq+ZFf4hu1I1kavxabPV5+l/iN+Mwr
 5kg/07Z0MwofZ6+vpkQEfc+B5Kk0+YfF6FMDc6GtI34aXO2Zi82kJMIoX7KXDgANI3vuUZw
 NjEcp49keaH8VZryAijdKmMikvUB1G9XEXNuyy5cXazAhxq5F5ysKbcFJ3lrL6VV9HMsb6o
 yNQ8wo/gMY2ygD9t3gIpg==
X-UI-Out-Filterresults: notjunk:1;V03:K0:RYKLgLsQ9GU=:v/OTMNHGT2Jx2AQNMZDXwZ
 O5pF0Hw6Qh0BTXNP+mojMqOlL4lpNFeeoxWdnPPx5ulvN6UJJ+TRo9ubgLj3wqvETVn5YD0vY
 EgOhb4Un3AxFtX6mA47ijdXE12NUqr+H1JEfp+BK0fmvvMkuLQdrhMWNU9SHeU6+SEl4xKX9o
 9PzwUZLRc8IR34TvAo+3cMqBW2VsPtB7vmFohKCbal18gALQILbdUurMevKI8FLX67rkj2Ki/
 mAu3FhsHD9KBfv4WpZ11u/RcbPUkeNr6s0ZkV+gWed7qazSj1oWTZtZsQvBYDmybcKHORmkjQ
 wDNUreVTX+B7fUg/HWhE0RzGTFC8+2rUDfBpTxnWRGTCTAyqz3LXTS232NDuAvdibteXoawCJ
 tGhze3faanzqHI1J8c8GcqzCGVXy0rIsFe1POsjnH32aZWTEvPpa6oMppgmWOhxItDT1Go1F9
 xf5tOP2Qhmy5kU8gXVJSdd5vRHVOSm3D87mOLthNwO5/JVeKY48ZZj1EIoIaQ5hPGSC28gAnW
 ePWwX+E1PrDWk+HdTMuc9kHAUECikd4x7UHG1/bKcEKIk82iYg4PzCWSBF5CKpgfPswY5rLqJ
 UFjlAKuYP1wb4VPKhISpQBA8F6fK8xLdCNHc7tIzKfubvaRbqxkwLHajMBf0g17iYGh1aI1ac
 pqegZSw3Qw8COLgpzEn91YW1ZTgnDHs3klN5OHwE+2nm8HMWyUdPQWIWqHnhxlmw9b/ySs7O3
 pYFHEfEzLvmNgEjWsICcxpqIjPM0rummkflhrN25jOtKJlq5y5eeL9qiV6ZFnHgHhVYE35p3P
 YQipLXUo2+jsdlnVrKTpU+FvF41+bFYD0eT+HHROSI0vCcxJ8KJ4S4WlYv1vdMZCIbPb3Fw2n
 ne5e+ngodIWN+Ak4pnX0ZcddJtqmxVdK+Ci7tzgOQTMBbMAu6g3kgnY/zm7ye14kZYfrZvGnP
 wPXnQpXTI0yQVljXG3+a6St5bVL4i063v+MmhYm9n/wrDLalH1x8SB/DGz6zrFuiY7SLpobXQ
 4GI6DSJP/SNmA4vzH9/JCFwYIkis55uw9RmkZ0fGPL9AaPR6dukBC3Mw6ywh9G5oWwFybbv5H
 ZPsoM11+9Pw2cXlIPy8kPFQy0JUMLDfr2by6FNzvZSxr1FGT9DEQRnPcfokrI++f3Vqcz+KIe
 nHzK8yYoRmx8Fwtw1aMuoKKn8gpIHEzMLYjNrye0JbjYb9TUG1177oPKyJfbqhDw3GX0fHiu9
 AyWKYHDyfeFKP5E9Q
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-Spam-Score: -1.7 (-)
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Cc: 43075@debbugs.gnu.org, chaosmonk@riseup.net
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+larch=yhetil.org@gnu.org>
X-Scanner: scn0
Authentication-Results: aspmx1.migadu.com;
	dkim=fail (rsa verify failed) header.d=web.de header.s=dbaedf251592 header.b=VUUqe6LQ;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org
X-Spam-Score: -1.11
X-TUID: dGE2taXU+M/x

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


zimoun <zimon.toutoune@gmail.com> writes:

> On Fri, 11 Sep 2020 at 08:56, Ludovic Court=C3=A8s <ludo@gnu.org> wrote:
>> To me the proposal is more about introducing scheduling priorities.  For
>> these packages, it=E2=80=99s indeed safe to assume that every new releas=
e brings
>> security fixes.
>
> Why would some packages be prioritized on the build farm than others?
> Based on what?   Which criteria?

There are two aspects that make ungoogled-chromium, icecat and
linux-libre special:

=2D long build time
=2D security critical

If a user cannot run the newest ungoogled-chromium, icecat, or
linux-libre due to too high build times (so it can for example only be
built on a weekend, but not on a weekday when the computer is only
active for a few hours), then this user is prone to be hit by zero-day
vulnerabilities.

So the minimal criterion would be: Protect users from zero-days.

For ungoogled-chromium, icecat, and linux-libre, two factors match:

=2D the chance is very high that an update fixes a vulnerability, and
=2D they take so long to build that many users won=E2=80=99t be able to do =
it
  right away.

I certainly can=E2=80=99t: I cannot update ungoogled-chromium during work-t=
ime
because the compile is so heavy on resources, that it considerably slows
down my work.

Best wishes,
Arne
=2D-=20
Unpolitisch sein
hei=C3=9Ft politisch sein
ohne es zu merken

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE801qEjXQSQPNItXAE++NRSQDw+sFAl9bip8QHGFybmVfYmFi
QHdlYi5kZQAKCRAT741FJAPD6/rmD/4kag8/3+DZv59TTILgjjNV/0RnAKzEMmRJ
ZZV2fziszfjY9z67Jk2cRSbR8PL4UQsz93rj0lKJ+aPsY0bxaBQ3rqB+oC+aGhCB
6qnD5J9/2AQKfvrEQy075XkDvnm+sHicsNOLehr+DQffYGtWshv6kpAqqutL1Yvf
szSpumHaXv53iwhZg213yAoFCptv8yp+6nGU9KvVbGhgT+Tl4jHco0Er3UxcG6k/
dI2qN9yjFH89FgRfkUTJi+RXZLpis6TdgPizg+mmn6BzeSYTWEjR/np6eAub9WiX
hP3cDrJpPau0U5h1CytDwW4WNbe1V7IB+zkMVEzyTptLk0FuHEvxBxKYup4D+GAq
DYa02xCnssooas9CKai301u917IitmpZbitKk0Mp3aDCdZLgr3zFdrrFrL2nBpIA
xsRPwRFmJDuUdCb8bc4/dFnBApAxAvm217VCuDV0hIWBPq1CDvMe3ez4Lvwg7eG6
06Zt2fhrYOoifsxQx7BHO113aoY8qAu5bkTAZZsByXroRq8i11edi3JLJFrKNVm2
qVfdf/JEjCqxzADJPUu0quGLJUyJIGDVJwZ3f5ifRP786ihQc6Q46O7gLNf36DgF
4zmGFe7+q1R//w8OV1G+D+zuIfYenu9lvGJ18JuLwhfzlSNpXWBr3/JbEfvrzBDE
Q/WQGlN0YojEBAEBCAAuFiEE3Si95tmHXKvOSosd3M8NswvBBUgFAl9biqEQHGFy
bmVfYmFiQHdlYi5kZQAKCRDczw2zC8EFSEWMA/97UouOyqFm1RdVhZbediNf+UNn
4NCrRx1NwGQN6I3BADwj2EKmS7wDpQQK+qtiSYjw5ehYjJlgJ2L3UpHk7aPxW4pT
3CcE0tepj3l7kBmV/Somaou4aeBucUCaNyRXbDGdo6ZbgBP6fIVicccveLjj3WKv
Ig/y5EPKwe5oCdU08A==
=GM9R
-----END PGP SIGNATURE-----
--=-=-=--