Re: [opinion] CVE-patching is not sufficient for package security patchi

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opinion] CVE-patching is not sufficient for package security patchi

From:	Leo Famulari
Subject:	Re: [opinion] CVE-patching is not sufficient for package security patching
Date:	Wed, 24 Mar 2021 15:51:06 -0400

On Tue, Mar 23, 2021 at 11:54:54PM +0100, Ricardo Wurmus wrote:
> This seems to be a misunderstanding.  The first step is to use the money
> we already have but cannot exchange for hardware, because
> 
> - finding appropriate hardware that you can actually buy is not easy
> - hosting needs to be considered because we can’t just dump them in the
>   MDC data centre where most of the Intel servers are hosted.
> 
> We bought a handful of Overdrive 1000 in the past (they are no longer
> sold), and hosting was always an obstacle.
> 
> While looking for ways to get the project some more money is certainly
> worthwhile, it’s really not the pressing issue here.

I volunteer to host one or two workstation-type 64-bit ARM machines.

Concretely, this would mean a Honeycomb LX2 or Ampere ALTRA workstation,
since I don't believe there are any other aarch64 workstations available
for sale.

https://www.solid-run.com/arm-servers-networking-platforms/honeycomb-workstation/
https://store.avantek.co.uk/ampere-altra-64bit-arm-workstation.html

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [opinion] CVE-patching is not sufficient for package security patching, (continued)

Prev by Date: Re: guix import hackage fails with errors, and failed tests
Next by Date: Re: [opinion] CVE-patching is not sufficient for package security patching
Previous by thread: Re: [opinion] CVE-patching is not sufficient for package security patching
Next by thread: Re: [opinion] CVE-patching is not sufficient for package security patching
Index(es):
- Date
- Thread