Re: [opinion] CVE-patching is not sufficient for package security patchi

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opinion] CVE-patching is not sufficient for package security patchi

From:	Mark H Weaver
Subject:	Re: [opinion] CVE-patching is not sufficient for package security patching
Date:	Tue, 23 Mar 2021 19:53:55 -0400

Joshua Branson <jbranso@dismail.de> writes:

> raingloom <raingloom@riseup.net> writes:
>>
>> What about a Liberapay for Guix? Could also be used to pay developers.
>>
>
> I'd be game for something like this.  We could have a guix membership.
> Drew Devault has a "secret irc" channel for paying patreons.  Perhaps we
> could advertise a guix membership on the guix site.

Then, the Guix leadership would have to decide which Guix developers are
worthy of funding, and how much.  Those who are excluded may feel that
their contributions are insufficiently valued, and therefore feel
alienated.  Sounds to me like it would open up a huge can of worms, so
to speak.

     Regards,
       Mark

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [opinion] CVE-patching is not sufficient for package security patching, (continued)
- Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/16
- Re: [opinion] CVE-patching is not sufficient for package security patching, Mark H Weaver, 2021/03/16
  - Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/16
    - Guix moving too fast?, zimoun, 2021/03/17
  - Re: [opinion] CVE-patching is not sufficient for package security patching, Léo Le Bouter, 2021/03/17
  - Re: [opinion] CVE-patching is not sufficient for package security patching, Léo Le Bouter, 2021/03/17
  - Re: [opinion] CVE-patching is not sufficient for package security patching, Ludovic Courtès, 2021/03/20
    - Re: [opinion] CVE-patching is not sufficient for package security patching, raingloom, 2021/03/22
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Joshua Branson, 2021/03/23
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Mark H Weaver <=
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/23
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Ricardo Wurmus, 2021/03/23
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/24
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Vincent Legoll, 2021/03/24
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Léo Le Bouter, 2021/03/24
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/24
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Mathieu Othacehe, 2021/03/25
    - Re: [opinion] CVE-patching is not sufficient for package security patching, Leo Famulari, 2021/03/25
    - Buying AArch64 hardware?, Ludovic Courtès, 2021/03/30

Prev by Date: Re: imagemagick@6.9.11-48 to graft or not to graft with 6.9.12-2
Next by Date: Re: Make guix commands pipeable
Previous by thread: Re: [opinion] CVE-patching is not sufficient for package security patching
Next by thread: Re: [opinion] CVE-patching is not sufficient for package security patching
Index(es):
- Date
- Thread