From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60533)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1g6SJ4-00042g-H0
	for guix-patches@gnu.org; Sat, 29 Sep 2018 23:22:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1g6SJ0-0007DY-IG
	for guix-patches@gnu.org; Sat, 29 Sep 2018 23:22:06 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:55072)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1g6SJ0-0007DM-DB
	for guix-patches@gnu.org; Sat, 29 Sep 2018 23:22:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1g6SJ0-0002HW-5W
	for guix-patches@gnu.org; Sat, 29 Sep 2018 23:22:02 -0400
Subject: [bug#32834] [PATCH] gnu: icecat: Build with rust-1.24.
Resent-Message-ID: <handler.32834.B32834.15382776688705@debbugs.gnu.org>
From: Mark H Weaver <mhw@netris.org>
References: <20180925044904.23530-1-efraim@flashner.co.il>
	<87lg7kvuhz.fsf@gnu.org> <20180930005515.6860d2a4@scratchpost.org>
Date: Sat, 29 Sep 2018 23:20:48 -0400
In-Reply-To: <20180930005515.6860d2a4@scratchpost.org> (Danny Milosavljevic's
	message of "Sun, 30 Sep 2018 00:55:15 +0200")
Message-ID: <87wor34qnj.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Danny Milosavljevic <dannym@scratchpost.org>
Cc: 32834@debbugs.gnu.org

Danny Milosavljevic <dannym@scratchpost.org> writes:

> On Sat, 29 Sep 2018 23:55:36 +0200
> ludo@gnu.org (Ludovic Court=C3=A8s) wrote:
>
>> Hi Efraim,
>>=20
>> Efraim Flashner <efraim@flashner.co.il> skribis:
>>=20
>> > * gnu/packages/gnuzilla.scm (icecat)[native-inputs]: Use the oldest
>> > compatable rust over newer releases when building icecat.=20=20
>>=20
>> [...]
>>=20
>> > +      ;; Icecat 60 checkes for rust>=3D1.24
>> > +     `(("rust" ,rust-1.24)
>> > +       ("cargo" ,rust-1.24 "cargo")=20=20
>>=20
>> I suppose the goal is to reduce the build chain, right?
>>=20
>> Mark, Danny: WDYT?
>
> I think it's a good idea.
>
> Eventually, the rust bootchain will change to mrustc -> rust@1.25.0 -> ..=
.,
> but we can cross that bridge when we come to it.
>
> I'm not sure about Rust's policy with regard to CVEs.  Are those patched
> in old releases, too?

Indeed, that's my main concern.  Might the older Rust compilers have
bugs that could lead to security flaws in IceCat?

Here's another possible approach to mitigate the cost of building this
long chain of Rust compilers: perhaps older versions of Rust could use
only minimal and highly stable inputs, such that they would be built
only once per core-updates cycle.  Thoughts?

       Mark