[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#43075: Prioritize providing substitutes for security-critical packag
|
From: |
Ludovic Courtès |
|
Subject: |
bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times |
|
Date: |
Fri, 11 Sep 2020 16:45:02 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Hi,
zimoun <zimon.toutoune@gmail.com> skribis:
> On Fri, 11 Sep 2020 at 08:56, Ludovic Courtès <ludo@gnu.org> wrote:
>
>> > The recent updates of ungoogled-chromium do not mention [security
>> > updates]. Well, I do not know if they are. So the question would be:
>> > what triggers the special security build?
>>
>> To me the proposal is more about introducing scheduling priorities. For
>> these packages, it’s indeed safe to assume that every new release brings
>> security fixes.
>
> Why would some packages be prioritized on the build farm than others?
> Based on what? Which criteria?
> Popularity? But we do not measure (yet?) how many times a substitute
> is downloaded.
> For example, I do not use ungoogled-chromium so I would prefer that
> the resources of the build farm would be spent on these X packages.
> Bob and Alice, they would prefer these Y packages. How do we reach a
> consensus?
> And security is one criteria. But how to detect it is a security fix?
>
> (Aside the issue of ungoogled-chromium about the time limit you
> described; which should be fixed, obviously. :-))
All we’re saying is that for some packages, we should always assume that
new releases bring security fixes. These are key packages like
Linux-libre, IceCat, ungoogled-chromium, etc.
Furthermore, ungoogled-chromium is practically not buildable on one’s
laptop, and thus it’s even more important to provide substitutes.
For now, the focus should be on improving overall build throughput since
there’s a lot of room for improvement.
Ludo’.