guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security-czar needed? WAS: Re: Release 1.2.1: zstd 1.4.4 -> 1.4.9: graft


From: Bengt Richter
Subject: Security-czar needed? WAS: Re: Release 1.2.1: zstd 1.4.4 -> 1.4.9: grafting or core-updates?
Date: Tue, 16 Mar 2021 22:46:11 +0100
User-agent: Mutt/1.10.1 (2018-07-13)

Hi all,

On +2021-03-16 15:29:43 -0400, Leo Famulari wrote:
> On Tue, Mar 16, 2021 at 08:25:50PM +0100, zimoun wrote:
> > Hi,
> > 
> > On Tue, 16 Mar 2021 at 20:18, Leo Famulari <leo@famulari.name> wrote:
> > > On Tue, Mar 16, 2021 at 07:19:53PM +0100, zimoun wrote:
> > > > I guess that it will not build for i686.  Does it?
> > >
> > > I don't know. Either we will find out when building on CI, or people can
> > > test it manually now.
> > 
> > Please try out the patch from:
> > 
> > <https://lists.gnu.org/archive/html/guix-devel/2021-03/msg00295.html>
> > 
> > and if it works for you, please apply it.
> 
> No, sorry :) Someone else (maybe an i686 user?) will have to find the
> time to test it.
> 

I would feel better about running guix on my laptop if I
knew all you developers had gotten together and elected
a "security czar" who is the most competent of you to monitor
security and also cares the most, and had the power to prevent
applying unreviewed patches, and making sure all CVEs are taken
care of, and kitchen doors not left open the way we did in the '50s.

Sorry if it sounds like I think guix security is lax.
Please convince me it's not so ;)

Thanks, nevertheless, for all the great technical work!

Just wish I could type
    guix --what-and-who-am-I-trusting-q --full-report
and get a complete list, with batting averages of the
developers (regressions vs fixes), packages (estimated
number of times executed without problem, dangerous bugs
in development history, etc).

</rant>

-- 
Regards,
Bengt Richter



reply via email to

[Prev in Thread] Current Thread [Next in Thread]