Re: Security-czar needed? WAS: Re: Release 1.2.1: zstd 1.4.4 -> 1.4.9: g

From: Léo Le Bouter
Subject: Re: Security-czar needed? WAS: Re: Release 1.2.1: zstd 1.4.4 -> 1.4.9: grafting or core-updates?
Date: Wed, 17 Mar 2021 07:24:02 +0100
User-agent: Evolution 3.34.2

On Tue, 2021-03-16 at 22:46 +0100, Bengt Richter wrote:
> I would feel better about running guix on my laptop if I
> knew all you developers had gotten together and elected
> a "security czar" who is the most competent of you to monitor
> security and also cares the most, and had the power to prevent
> applying unreviewed patches, and making sure all CVEs are taken
> care of, and kitchen doors not left open the way we did in the '50s.
> Sorry if it sounds like I think guix security is lax.
> Please convince me it's not so ;)
> Thanks, nevertheless, for all the great technical work!
> Just wish I could type
>     guix --what-and-who-am-I-trusting-q --full-report
> and get a complete list, with batting averages of the
> developers (regressions vs fixes), packages (estimated
> number of times executed without problem, dangerous bugs
> in development history, etc).
> </rant>

I think we can handle this without granting us any special powers, I
like it that we don't have roles actually!

We can discuss, debate, agree to common goals, I don't think we are
going to enter into conflict, we hear each other, we communicate, I
think that's a really good thing in GNU Guix :-D

Lots of other communities enter into conflict fast and stop
communicating, GNU Guix is not that, there's a spirit of goodwill of
everyone and that's really pleasing to live as a contributor and user.

Attachment: signature.asc
Description: This is a digitally signed message part
