From: Ludovic Courtès <ludo@HIDDEN>
To: zimoun <zimon.toutoune@HIDDEN>
Cc: 43075 <at> debbugs.gnu.org, chaosmonk <chaosmonk@HIDDEN>
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 16:45:02 +0200

Hi,

zimoun <zimon.toutoune@HIDDEN> writes:

> On Fri, 11 Sep 2020 at 08:56, Ludovic Courtès <ludo@HIDDEN> wrote:
>
>> > The recent updates of ungoogled-chromium do not mention [security
>> > updates]. Well, I do not know if they are. So the question would be:
>> > what triggers the special security build?
>>
>> To me the proposal is more about introducing scheduling priorities. For
>> these packages, it’s indeed safe to assume that every new release brings
>> security fixes.
>
> Why would some packages be prioritized on the build farm than others?
> Based on what? Which criteria?
> Popularity? But we do not measure (yet?) how many times a substitute
> is downloaded.
> For example, I do not use ungoogled-chromium so I would prefer that
> the resources of the build farm would be spent on these X packages.
> Bob and Alice, they would prefer these Y packages. How do we reach a
> consensus?
> And security is one criteria. But how to detect it is a security fix?
>
> (Aside the issue of ungoogled-chromium about the time limit you
> described; which should be fixed, obviously. :-))

All we’re saying is that for some packages, we should always assume that
new releases bring security fixes. These are key packages like
Linux-libre, IceCat, ungoogled-chromium, etc.

Furthermore, ungoogled-chromium is practically not buildable on one’s
laptop, and thus it’s even more important to provide substitutes.

For now, the focus should be on improving overall build throughput since
there’s a lot of room for improvement.

Ludo’.

From: "Dr. Arne Babenhauserheide" <arne_bab@HIDDEN>
To: zimoun <zimon.toutoune@HIDDEN>
Cc: bug-guix@HIDDEN, Ludovic Courtès <ludo@HIDDEN>, chaosmonk <chaosmonk@HIDDEN>, 43075 <at> debbugs.gnu.org
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 16:33:00 +0200

zimoun <zimon.toutoune@HIDDEN> writes:

> On Fri, 11 Sep 2020 at 08:56, Ludovic Courtès <ludo@HIDDEN> wrote:
>> To me the proposal is more about introducing scheduling priorities. For
>> these packages, it’s indeed safe to assume that every new release brings
>> security fixes.
>
> Why would some packages be prioritized on the build farm than others?
> Based on what? Which criteria?

There are two aspects that make ungoogled-chromium, icecat and
linux-libre special:

- long build time
- security critical

If a user cannot run the newest ungoogled-chromium, icecat, or
linux-libre due to too high build times (so it can for example only be
built on a weekend, but not on a weekday when the computer is only
active for a few hours), then this user is prone to be hit by zero-day
vulnerabilities.

So the minimal criterion would be: Protect users from zero-days.

For ungoogled-chromium, icecat, and linux-libre, two factors match:

- the chance is very high that an update fixes a vulnerability, and
- they take so long to build that many users won’t be able to do it
  right away.

I certainly can’t: I cannot update ungoogled-chromium during work-time
because the compile is so heavy on resources, that it considerably slows
down my work.

Best wishes,
Arne
--
Being unpolitical means being political without noticing it

From: Leo Famulari <leo@HIDDEN>
To: zimoun <zimon.toutoune@HIDDEN>
Cc: Ludovic Courtès <ludo@HIDDEN>, chaosmonk <chaosmonk@HIDDEN>, 43075 <at> debbugs.gnu.org
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 09:39:28 -0400

On Fri, Sep 11, 2020 at 09:37:59AM +0200, zimoun wrote:
> I understand the annoyance and the frustration of the substitutes
> availability but I am not convinced that some packages have higher
> priority on the substitute delivery than others.

In general, I agree with you, especially since most packages do not
really take very long to build if there are no substitutes available, or
they do not change very often.

However, I noticed today that we do not have substitutes for linux-libre
5.4.64, which was released upstream and added to Guix two days ago.

In my experience, we have rarely required users to build linux-libre,
and I think the current situation is a serious regression for our build
farm. We should prioritize building the kernel.

From: Ricardo Wurmus <rekado@HIDDEN>
To: zimoun <zimon.toutoune@HIDDEN>
Cc: bug-guix@HIDDEN, Ludovic Courtès <ludo@HIDDEN>, chaosmonk <chaosmonk@HIDDEN>, 43075 <at> debbugs.gnu.org
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 10:23:36 +0200

zimoun <zimon.toutoune@HIDDEN> writes:

> I understand the annoyance and the frustration of the substitutes
> availability but I am not convinced that some packages have higher
> priority on the substitute delivery than others.

Hard to say. I think this discussion is a little premature given our
historic underutilization of the build farm hardware, which is very
often idle. Perhaps once the instrumentation of Cuirass has yielded
actionable paths to improving this we can reconsider if prioritization is
still necessary or even feasible.

--
Ricardo
bug-guix@HIDDEN
:bug#43075
; Package guix
.
From: Ricardo Wurmus <rekado@HIDDEN>
To: zimoun <zimon.toutoune@HIDDEN>
Cc: bug-guix@HIDDEN, Ludovic Courtès <ludo@HIDDEN>, chaosmonk <chaosmonk@HIDDEN>, 43075 <at> debbugs.gnu.org
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 10:23:36 +0200
Message-ID: <87h7s43enr.fsf@HIDDEN>
In-Reply-To: <CAJ3okZ30O-Y-1QyKymxwGh6WCcxKiqKizogiT=A5Sy76Ef3gVA@HIDDEN>

zimoun <zimon.toutoune@HIDDEN> writes:

> I understand the annoyance and the frustration of the substitutes
> availability but I am not convinced that some packages have higher
> priority on the substitute delivery than others.

Hard to say. I think this discussion is a little premature given our
historic underutilization of the build farm hardware, which is very
often idle.

Perhaps once the instrumentation of Cuirass has yielded actionable paths
to improving this we can reconsider if prioritization is still necessary
or even feasible.

--
Ricardo

From: zimoun <zimon.toutoune@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 43075 <at> debbugs.gnu.org, chaosmonk <chaosmonk@HIDDEN>
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 09:37:59 +0200
Message-ID: <CAJ3okZ30O-Y-1QyKymxwGh6WCcxKiqKizogiT=A5Sy76Ef3gVA@HIDDEN>
In-Reply-To: <878sdg7qej.fsf@HIDDEN>

Hi,

On Fri, 11 Sep 2020 at 08:56, Ludovic Courtès <ludo@HIDDEN> wrote:

> > The recent updates of ungoogled-chromium do not mention [security
> > updates]. Well, I do not know if they are. So the question would be:
> > what triggers the special security build?
>
> To me the proposal is more about introducing scheduling priorities. For
> these packages, it’s indeed safe to assume that every new release brings
> security fixes.

Why would some packages be prioritized on the build farm than others?
Based on what? Which criteria?
Popularity? But we do not measure (yet?) how many times a substitute
is downloaded.
For example, I do not use ungoogled-chromium so I would prefer that
the resources of the build farm would be spent on these X packages.
Bob and Alice, they would prefer these Y packages. How do we reach a
consensus?
And security is one criterion. But how to detect it is a security fix?

(Aside the issue of ungoogled-chromium about the time limit you
described; which should be fixed, obviously. :-))

I understand the annoyance and the frustration of the substitutes
availability but I am not convinced that some packages have higher
priority on the substitute delivery than others.

All the best,
simon

From: Ludovic Courtès <ludo@HIDDEN>
To: zimoun <zimon.toutoune@HIDDEN>
Cc: 43075 <at> debbugs.gnu.org, chaosmonk <chaosmonk@HIDDEN>
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 08:56:20 +0200
Message-ID: <878sdg7qej.fsf@HIDDEN>
In-Reply-To: <CAJ3okZ3_u1TWLRjM_di62W0AfvsNifWpvKyRyaWgh727Qk4HBg@HIDDEN>

Hi,

zimoun <zimon.toutoune@HIDDEN> wrote:

> On Thu, 10 Sep 2020 at 10:01, Ludovic Courtès <ludo@HIDDEN> wrote:
>> chaosmonk <chaosmonk@HIDDEN> wrote:
>
>> > I don't know what Guix's CI system looks like or how packages are
>> > queued for building, but if there is a way to prioritize builds for
>> > certain packages, I propose that substitutes for packages like
>> > ungoogled-chromium should be built as soon as possible once there is a
>> > new version. Other security-critical packages with potentially long
>> > build times that come to mind are icecat and linux-libre.
>
>> Right now we’re trying to improve build throughput in general but your
>> proposal makes sense, of course.
>
> The recent updates of ungoogled-chromium do not mention [security
> updates]. Well, I do not know if they are. So the question would be:
> what triggers the special security build?

To me the proposal is more about introducing scheduling priorities. For
these packages, it’s indeed safe to assume that every new release brings
security fixes.

Thanks,
Ludo’.

From: Ludovic Courtès <ludo@HIDDEN>
To: "Mason Hock" <chaosmonk@HIDDEN>
Cc: 43075 <at> debbugs.gnu.org
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 08:53:45 +0200
Message-ID: <87d02s7qiu.fsf@HIDDEN>
In-Reply-To: <C5K545LNO64W.2PDZIYAKMIVOJ@libricia-thinkcentre>

Hi,

"Mason Hock" <chaosmonk@HIDDEN> wrote:

> On Thu Sep 10, 2020 at 1:00 AM PDT, Ludovic Courtès wrote:
>> Hi,
>>
>> chaosmonk <chaosmonk@HIDDEN> wrote:
>>
>> > ungoogled-chromium receives frequent security updates, so it is
>> > important for users to keep it up-to-date. However, binary
>> > substitutes for the latest version are usually not available, and it
>> > can take a very long time to build from source, possibly multiple
>> > days on low-end hardware. This might tempt or force some users to put
>> > off upgrading the package and run an older, vulnerable version until a
>> > binary substitute is available or they have a chance to set aside the
>> > uptime needed to build from source.
>> >
>> > I don't know what Guix's CI system looks like or how packages are
>> > queued for building, but if there is a way to prioritize builds for
>> > certain packages, I propose that substitutes for packages like
>> > ungoogled-chromium should be built as soon as possible once there is a
>> > new version. Other security-critical packages with potentially long
>> > build times that come to mind are icecat and linux-libre.
>>
>> Thanks for your feedback. Our build farm has often been lagging behind
>> lately and that’s something we’ve been working on. The
>> ungoogled-chromium package is even more problematic because it takes
>> more than ~80 CPU-hours to build, and that often times out with our
>> current build farm settings (where we don’t allow builds to take more
>> than 6h, IIRC).
>
> Yes, Chromium's build time is obscene. However, not providing
> substitutes for it duplicates that problem to the machines of every Guix
> user who uses ungoogled-chromium. In the time that it would take Guix's
> build farm to build u-c it could probably build many other packages, but
> users are in the exact same situation, so a substitute for u-c is likely
> more valuable to them than substitutes for those other packages. If it
> is possible to override the 6h timeout value for individual packages, I
> think that it would be worth doing so for u-c, and perhaps for Icecat
> and Linux-libre as well.

Definitely, yes. I just meant to explain why the build farm often lacks
u-c substitutes currently, but I agree it must be addressed.

Ludo’.

From: "Mason Hock" <chaosmonk@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 43075 <at> debbugs.gnu.org
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Thu, 10 Sep 2020 18:14:28 -0700
Message-Id: <C5K545LNO64W.2PDZIYAKMIVOJ@libricia-thinkcentre>
In-Reply-To: <87bliejc3j.fsf@HIDDEN>

On Thu Sep 10, 2020 at 1:00 AM PDT, Ludovic Courtès wrote:
> Hi,
>
> chaosmonk <chaosmonk@HIDDEN> wrote:
>
> > ungoogled-chromium receives frequent security updates, so it is
> > important for users to keep it up-to-date. However, binary
> > substitutes for the latest version are usually not available, and it
> > can take a very long time to build from source, possibly multiple
> > days on low-end hardware. This might tempt or force some users to put
> > off upgrading the package and run an older, vulnerable version until a
> > binary substitute is available or they have a chance to set aside the
> > uptime needed to build from source.
> >
> > I don't know what Guix's CI system looks like or how packages are
> > queued for building, but if there is a way to prioritize builds for
> > certain packages, I propose that substitutes for packages like
> > ungoogled-chromium should be built as soon as possible once there is a
> > new version. Other security-critical packages with potentially long
> > build times that come to mind are icecat and linux-libre.
>
> Thanks for your feedback. Our build farm has often been lagging behind
> lately and that’s something we’ve been working on. The
> ungoogled-chromium package is even more problematic because it takes
> more than ~80 CPU-hours to build, and that often times out with our
> current build farm settings (where we don’t allow builds to take more
> than 6h, IIRC).

Yes, Chromium's build time is obscene. However, not providing
substitutes for it duplicates that problem to the machines of every Guix
user who uses ungoogled-chromium. In the time that it would take Guix's
build farm to build u-c it could probably build many other packages, but
users are in the exact same situation, so a substitute for u-c is likely
more valuable to them than substitutes for those other packages. If it
is possible to override the 6h timeout value for individual packages, I
think that it would be worth doing so for u-c, and perhaps for Icecat
and Linux-libre as well.

> Right now we’re trying to improve build throughput in general but your
> proposal makes sense, of course.
>
> Thanks,
> Ludo’.

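The trade-off debated in this thread (a higher priority and a longer timeout for one very long build, against delay for every other package) can be made concrete with a small queue model. This is an added sketch, not Cuirass or Guix code: `Job`, `simulate`, the 8-core workers, the 12 h override and the ten small packages are assumptions constructed for illustration; only the 6 h limit and the ~80 CPU-hour figure come from the messages.

```python
import heapq
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DEFAULT_TIMEOUT_H = 6.0  # build limit quoted in the thread ("6h, IIRC")


@dataclass(frozen=True)
class Job:
    name: str
    cpu_hours: float                   # total CPU time the build needs
    priority: int = 0                  # higher value is scheduled first
    timeout_h: Optional[float] = None  # per-package override; None = default


def simulate(jobs: List[Job], workers: int, cores: int) -> Dict[str, Tuple[str, float]]:
    """Return {package: (status, hour at which its worker became free again)}.

    Assumption: a build parallelises perfectly, so wall time = cpu_hours / cores.
    """
    # Priority first, then submission order (a plain FIFO when priorities tie).
    queue = sorted(enumerate(jobs), key=lambda item: (-item[1].priority, item[0]))
    free_at = [(0.0, w) for w in range(workers)]  # min-heap of (hour, worker id)
    heapq.heapify(free_at)
    results: Dict[str, Tuple[str, float]] = {}
    for _, job in queue:
        start, worker = heapq.heappop(free_at)
        limit = DEFAULT_TIMEOUT_H if job.timeout_h is None else job.timeout_h
        wall = job.cpu_hours / cores
        if wall > limit:
            # Killed at the limit: worker time is spent, no substitute is produced.
            end, status = start + limit, "timed-out"
        else:
            end, status = start + wall, "built"
        results[job.name] = (status, end)
        heapq.heappush(free_at, (end, worker))
    return results


def constructed_queue(prioritised: bool) -> List[Job]:
    """Constructed sample: ten 2 CPU-hour packages, then the browser, submitted last."""
    jobs = [Job(f"pkg-{i}", 2.0) for i in range(10)]
    if prioritised:
        # Hypothetical policy: jump the queue and allow 12 h instead of 6 h.
        jobs.append(Job("ungoogled-chromium", 80.0, priority=10, timeout_h=12.0))
    else:
        jobs.append(Job("ungoogled-chromium", 80.0))
    return jobs


def summary(results: Dict[str, Tuple[str, float]]) -> Tuple[str, float, float]:
    """(browser status, browser end hour, hour the last small package is done)."""
    status, end = results["ungoogled-chromium"]
    last_small = max(t for name, (_, t) in results.items() if name.startswith("pkg-"))
    return status, end, last_small


if __name__ == "__main__":
    cases = [
        ("FIFO, default timeout, 1 worker", False, 1),
        ("priority + 12h override, 1 worker", True, 1),
        ("priority + 12h override, 2 workers", True, 2),
    ]
    for label, prioritised, workers in cases:
        status, end, last_small = summary(
            simulate(constructed_queue(prioritised), workers=workers, cores=8))
        print(f"{label}: browser {status} at {end}h, small packages done at {last_small}h")
```

With one worker the override turns a wasted 6 hours into a usable substitute at the cost of delaying every other package by 10 hours; with a second, otherwise idle worker that cost disappears, which is the utilisation point raised elsewhere in the thread.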
From: "Mason Hock" <chaosmonk@HIDDEN>
To: "zimoun" <zimon.toutoune@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>
Cc: 43075 <at> debbugs.gnu.org
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Thu, 10 Sep 2020 18:06:31 -0700
Message-Id: <C5K4Y29Y8DMA.12JKZ0JOKGQWE@libricia-thinkcentre>
In-Reply-To: <CAJ3okZ3_u1TWLRjM_di62W0AfvsNifWpvKyRyaWgh727Qk4HBg@HIDDEN>

On Thu Sep 10, 2020 at 2:19 AM PDT, zimoun wrote:
> Hi,
>
> On Thu, 10 Sep 2020 at 10:01, Ludovic Courtès <ludo@HIDDEN> wrote:
> > chaosmonk <chaosmonk@HIDDEN> wrote:
>
> > > I don't know what Guix's CI system looks like or how packages are
> > > queued for building, but if there is a way to prioritize builds for
> > > certain packages, I propose that substitutes for packages like
> > > ungoogled-chromium should be built as soon as possible once there is a
> > > new version. Other security-critical packages with potentially long
> > > build times that come to mind are icecat and linux-libre.
>
> > Right now we’re trying to improve build throughput in general but your
> > proposal makes sense, of course.
>
> The recent updates of ungoogled-chromium do not mention [security
> updates].

Security fixes are generally provided upstream by the Chromium devs, so
the place to look for them is not ungoogled-chromium's changelog, but
Chrome/Chromium's changelog.[1]

> Well, I do not know if they are. So the question would be:
> what triggers the special security build?

For ungoogled-chromium, it is safe to assume that every new Chromium
release will contain security fixes. I'm not sure about a general
solution that would work for other packages. If Guix is tracking a
package's upstream VCS and upstream has a consistent commit message
format indicating security fixes, perhaps releases containing such
commits could trigger a security build. Otherwise I'm not sure.

[1] https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html

> Well, the work-in-progress [1] about some metrics of Cuirass (Guix's
> CI) would provide interesting answers on the concrete feasibility and
> future improvements.
>
> [1] http://issues.guix.gnu.org/32548#1
>
>
> All the best,
> simon

From: Bengt Richter <bokr@HIDDEN>
To: zimoun <zimon.toutoune@HIDDEN>
Cc: Ludovic Courtès <ludo@HIDDEN>, chaosmonk <chaosmonk@HIDDEN>, 43075 <at> debbugs.gnu.org
Reply-To: Bengt Richter <bokr@HIDDEN>
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times
Date: Fri, 11 Sep 2020 02:47:27 +0200
Message-ID: <20200911004727.GA2910@LionPure>
In-Reply-To: <CAJ3okZ3_u1TWLRjM_di62W0AfvsNifWpvKyRyaWgh727Qk4HBg@HIDDEN>

Hi,

On +2020-09-10 11:19:11 +0200, zimoun wrote:
> Hi,
>
> On Thu, 10 Sep 2020 at 10:01, Ludovic Courtès <ludo@HIDDEN> wrote:
> > chaosmonk <chaosmonk@HIDDEN> wrote:
>
> > > I don't know what Guix's CI system looks like or how packages are
> > > queued for building, but if there is a way to prioritize builds for
> > > certain packages, I propose that substitutes for packages like
> > > ungoogled-chromium should be built as soon as possible once there is a
> > > new version. Other security-critical packages with potentially long
> > > build times that come to mind are icecat and linux-libre.
>
> > Right now we’re trying to improve build throughput in general but your
> > proposal makes sense, of course.
>
> The recent updates of ungoogled-chromium do not mention [security
> updates]. Well, I do not know if they are. So the question would be:
> what triggers the special security build?
>
> Well, the work-in-progress [1] about some metrics of Cuirass (Guix's
> CI) would provide interesting answers on the concrete feasibility and
> future improvements.
>
> [1] http://issues.guix.gnu.org/32548#1
>
>
> All the best,
> simon
>
>
>

Given
[1] https://www.theregister.com/2020/09/04/linux_kernel_flaw_detection/

I would guess that any publicly visible coding meant to trigger special
prioritized security builds would feed the process described in [1].

Maybe that's insignificant compared to scraping commit notes and patches
etc, idk.

HTH :)
--
Regards,
Bengt Richter

bug-guix@HIDDEN: bug#43075; Package guix.
From: zimoun <zimon.toutoune@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 43075 <at> debbugs.gnu.org, chaosmonk <chaosmonk@HIDDEN>
Date: Thu, 10 Sep 2020 11:19:11 +0200
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times

Hi,

On Thu, 10 Sep 2020 at 10:01, Ludovic Courtès <ludo@HIDDEN> wrote:
> chaosmonk <chaosmonk@HIDDEN> skribis:
>
> > I don't know what Guix's CI system looks like or how packages are
> > queued for building, but if there is a way to prioritize builds for
> > certain packages, I propose that substitutes for packages like
> > ungoogled-chromium should be built as soon as possible once there is a
> > new version. Other security-critical packages with potentially long
> > build times that come to mind are icecat and linux-libre.
>
> Right now we’re trying to improve build throughput in general but your
> proposal makes sense, of course.

The recent updates of ungoogled-chromium do not mention [security
updates]. Well, I do not know if they are. So the question would be:
what triggers the special security build?

Well, the work-in-progress [1] about some metrics of Cuirass (Guix's
CI) would provide interesting answers on the concrete feasibility and
future improvements.

[1] http://issues.guix.gnu.org/32548#1

All the best,
simon
From: Ludovic Courtès <ludo@HIDDEN>
To: chaosmonk <chaosmonk@HIDDEN>
Cc: 43075 <at> debbugs.gnu.org
Date: Thu, 10 Sep 2020 10:00:00 +0200
Subject: Re: bug#43075: Prioritize providing substitutes for security-critical packages with potentially long build times

Hi,

chaosmonk <chaosmonk@HIDDEN> skribis:

> ungoogled-chromium receives frequent security updates, so it is
> important for users to keep it up-to-date. However, binary
> substitutes for the latest version are usually not available, and it
> can take a very long time to build from source, possibly multiple
> days on low-end hardware. This might tempt or force some users to put
> off upgrading the package and run an older, vulnerable version until a
> binary substitute is available or they have a chance to set aside the
> uptime needed to build from source.
>
> I don't know what Guix's CI system looks like or how packages are
> queued for building, but if there is a way to prioritize builds for
> certain packages, I propose that substitutes for packages like
> ungoogled-chromium should be built as soon as possible once there is a
> new version. Other security-critical packages with potentially long
> build times that come to mind are icecat and linux-libre.

Thanks for your feedback. Our build farm has often been lagging behind
lately and that’s something we’ve been working on.

The ungoogled-chromium package is even more problematic because it takes
more than ~80 CPU-hours to build, and that often times out with our
current build farm settings (where we don’t allow builds to take more
than 6h, IIRC).

Right now we’re trying to improve build throughput in general but your
proposal makes sense, of course.

Thanks,
Ludo’.
From: chaosmonk <chaosmonk@HIDDEN>
To: bug-guix@HIDDEN
Date: Thu, 27 Aug 2020 13:50:26 -0700
Subject: Prioritize providing substitutes for security-critical packages with potentially long build times

ungoogled-chromium receives frequent security updates, so it is
important for users to keep it up-to-date. However, binary
substitutes for the latest version are usually not available, and it
can take a very long time to build from source, possibly multiple
days on low-end hardware. This might tempt or force some users to put
off upgrading the package and run an older, vulnerable version until a
binary substitute is available or they have a chance to set aside the
uptime needed to build from source.

I don't know what Guix's CI system looks like or how packages are
queued for building, but if there is a way to prioritize builds for
certain packages, I propose that substitutes for packages like
ungoogled-chromium should be built as soon as possible once there is a
new version. Other security-critical packages with potentially long
build times that come to mind are icecat and linux-libre.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.