[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#43075: Prioritize providing substitutes for security-critical packag
Dr. Arne Babenhauserheide
bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Fri, 11 Sep 2020 16:33:00 +0200
mu4e 1.4.13; emacs 27.1
zimoun <email@example.com> writes:
> On Fri, 11 Sep 2020 at 08:56, Ludovic Courtès <firstname.lastname@example.org> wrote:
>> To me the proposal is more about introducing scheduling priorities. For
>> these packages, it’s indeed safe to assume that every new release brings
>> security fixes.
> Why would some packages be prioritized on the build farm than others?
> Based on what? Which criteria?
There are two aspects that make ungoogled-chromium, icecat and
- long build time
- security critical
If a user cannot run the newest ungoogled-chromium, icecat, or
linux-libre due to too high build times (so it can for example only be
built on a weekend, but not on a weekday when the computer is only
active for a few hours), then this user is prone to be hit by zero-day
So the minimal criterion would be: Protect users from zero-days.
For ungoogled-chromium, icecat, and linux-libre, two factors match:
- the chance is very high that an update fixes a vulnerability, and
- they take so long to build that many users won’t be able to do it
I certainly can’t: I cannot update ungoogled-chromium during work-time
because the compile is so heavy on resources, that it considerably slows
down my work.
heißt politisch sein
ohne es zu merken
Description: PGP signature