guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opinion] CVE-patching is not sufficient for package security patchi

From: Ricardo Wurmus
Subject: Re: [opinion] CVE-patching is not sufficient for package security patching
Date: Tue, 23 Mar 2021 23:54:54 +0100
User-agent: mu4e 1.4.14; emacs 27.1 
raingloom <raingloom@riseup.net> writes:

> On Sat, 20 Mar 2021 12:19:11 +0100
> Ludovic Courtès <ludo@gnu.org> wrote:
>
>> Hi,
>> 
>> Mark H Weaver <mhw@netris.org> skribis:
>> 
>> > Ultimately, I gave up.  In my opinion, Guix has never achieved
>> > usability as a desktop system on non-Intel systems.  Therefore, the
>> > Guix community is unable to attract many developers who want a
>> > distro that supports non-Intel systems well.  Our community has
>> > thus become dominated by Intel users, and there's unsufficient
>> > political will to adopt policies that would enable us to provide a
>> > usable system for non-Intel users.  
>> 
>> A practical problem that’s been mentioned repeatedly is lack of
>> ci.guix hardware for non-Intel architectures: please everyone,
>> consider helping the project find either sponsors or companies that
>> sell fitting hardware, along with a plan to host it and maintain it
>> over time!
>> 
>> Ludo’.
>> 
>
> What about a Liberapay for Guix? Could also be used to pay developers.

This seems to be a misunderstanding.  The first step is to use the money
we already have but cannot exchange for hardware, because

- finding appropriate hardware that you can actually buy is not easy
- hosting needs to be considered because we can’t just dump them in the
  MDC data centre where most of the Intel servers are hosted.

We bought a handful of Overdrive 1000 in the past (they are no longer
sold), and hosting was always an obstacle.

While looking for ways to get the project some more money is certainly
worthwhile, it’s really not the pressing issue here.

-- 
Ricardo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]