[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Call for volunteer(s) for Guix "security" web page
From: |
Leo Famulari |
Subject: |
Re: Call for volunteer(s) for Guix "security" web page |
Date: |
Tue, 27 Sep 2016 14:26:53 -0400 |
User-agent: |
Mutt/1.7.0 (2016-08-17) |
On Tue, Sep 27, 2016 at 10:58:09AM +0200, Ludovic Courtès wrote:
> > + (h2 "Release signatures")
> > + (p "Releases of Guix and GuixSD are signed using the
> > OpenPGP "
> > + "key with the fingerprint "
> > + "3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5. "
> > + "This key can be obtained from XXX.")
>
> Maybe link to
> <https://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html>
> or copy/paste the text? Though we should give a ‘gpg --recv-keys’
> command that uses the full fingerprint instead of just the 64-bit ID
> (which is still too small, some say.)
>
> > + (h2 "Security updates")
> > + (p "When security vulnerabilities are found in Guix or the "
> > + "packages provided by Guix, we will provide "
> > + (a (@ (href ,(base-url
> > "manual/html_node/Security-Updates.html")))
> > + "security updates")
> > + " quickly and with minimal disruption for users.")
>
> Maybe also that Guix is a “rolling release”, so there’s currently no
> separate security-fix branch and all critical fixes go to master?
I tried to implement these suggestion in the attached patch.
> I wonder if it would make sense to add a note on reproducible builds,
> ‘guix challenge’ and all that; later maybe!
Yes, later. Volunteers still welcome :)
> Note that you’ll then need to commit the resulting HTML to CVS(!) to
> that the update pages show up, as per the instructions available on the
> Savannah project page. If you’re unsure or anything, I can do that.
I'll try it if this new patch is okay.
0001-www-security-New-page.patch
Description: Text document
signature.asc
Description: PGP signature
- Call for volunteer(s) for Guix "security" web page, Leo Famulari, 2016/09/16
- Re: Call for volunteer(s) for Guix "security" web page, ng0, 2016/09/22
- Re: Call for volunteer(s) for Guix "security" web page, Leo Famulari, 2016/09/25
- Re: Call for volunteer(s) for Guix "security" web page, Ludovic Courtès, 2016/09/27
- Re: Call for volunteer(s) for Guix "security" web page,
Leo Famulari <=
- Re: Call for volunteer(s) for Guix "security" web page, Ludovic Courtès, 2016/09/28
- Re: Call for volunteer(s) for Guix "security" web page, Leo Famulari, 2016/09/29
- Re: Call for volunteer(s) for Guix "security" web page, Ludovic Courtès, 2016/09/30
- Re: Call for volunteer(s) for Guix "security" web page, Leo Famulari, 2016/09/30