[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [opinion] CVE-patching is not sufficient for package security patchi
From: |
Ricardo Wurmus |
Subject: |
Re: [opinion] CVE-patching is not sufficient for package security patching |
Date: |
Tue, 23 Mar 2021 23:54:54 +0100 |
User-agent: |
mu4e 1.4.14; emacs 27.1 |
raingloom <raingloom@riseup.net> writes:
> On Sat, 20 Mar 2021 12:19:11 +0100
> Ludovic Courtès <ludo@gnu.org> wrote:
>
>> Hi,
>>
>> Mark H Weaver <mhw@netris.org> skribis:
>>
>> > Ultimately, I gave up. In my opinion, Guix has never achieved
>> > usability as a desktop system on non-Intel systems. Therefore, the
>> > Guix community is unable to attract many developers who want a
>> > distro that supports non-Intel systems well. Our community has
>> > thus become dominated by Intel users, and there's unsufficient
>> > political will to adopt policies that would enable us to provide a
>> > usable system for non-Intel users.
>>
>> A practical problem that’s been mentioned repeatedly is lack of
>> ci.guix hardware for non-Intel architectures: please everyone,
>> consider helping the project find either sponsors or companies that
>> sell fitting hardware, along with a plan to host it and maintain it
>> over time!
>>
>> Ludo’.
>>
>
> What about a Liberapay for Guix? Could also be used to pay developers.
This seems to be a misunderstanding. The first step is to use the money
we already have but cannot exchange for hardware, because
- finding appropriate hardware that you can actually buy is not easy
- hosting needs to be considered because we can’t just dump them in the
MDC data centre where most of the Intel servers are hosted.
We bought a handful of Overdrive 1000 in the past (they are no longer
sold), and hosting was always an obstacle.
While looking for ways to get the project some more money is certainly
worthwhile, it’s really not the pressing issue here.
--
Ricardo
- Re: [opinion] CVE-patching is not sufficient for package security patching, (continued)
- Re: [opinion] CVE-patching is not sufficient for package security patching, Mark H Weaver, 2021/03/16
- Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/16
- Re: [opinion] CVE-patching is not sufficient for package security patching, Léo Le Bouter, 2021/03/17
- Re: [opinion] CVE-patching is not sufficient for package security patching, Léo Le Bouter, 2021/03/17
- Re: [opinion] CVE-patching is not sufficient for package security patching, Ludovic Courtès, 2021/03/20
- Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/23
- Re: [opinion] CVE-patching is not sufficient for package security patching,
Ricardo Wurmus <=
- Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/24
- Re: [opinion] CVE-patching is not sufficient for package security patching, Vincent Legoll, 2021/03/24
- Re: [opinion] CVE-patching is not sufficient for package security patching, Léo Le Bouter, 2021/03/24
- Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/24
- Re: [opinion] CVE-patching is not sufficient for package security patching, Mathieu Othacehe, 2021/03/25
- Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/25
- Buying AArch64 hardware?, Ludovic Courtès, 2021/03/30