guix-devel

Re: Security patching and the branching workflow: a new security-updates


From: zimoun
Subject: Re: Security patching and the branching workflow: a new security-updates branch
Date: Sat, 27 Mar 2021 14:56:59 +0100

On Sat, 27 Mar 2021 at 13:42, Léo Le Bouter <lle-bout@zaclys.net> wrote:
> On Sat, 2021-03-27 at 13:29 +0100, zimoun wrote:
>> And as I said elsewhere, “to me, security is important. But it's
>> no less important than everything *else* that is also important!”, so
>> personally I am not convinced that security updates deserve a special
>> treatment compared to a regular update.  That’s my opinion. :-)
>
> You can't think this, security updates have prioritized channel of
> distribution in every other GNU/Linux distribution, we in GNU Guix
> created grafts for it, it's not possible to not ship security updates
> promptly, it puts all users at risk.

Oh, I am a big boy and I can think whatever I want! :-)

Kidding aside.

First, what does «risk» mean?  How do you evaluate it?  Is it a
relative evaluation or an absolute one?

Second, I am not arguing that security is not important.  I am saying
that security is important, as important as everything else that is also
important.  What does «important» mean?  How do you evaluate it?  Is it a
relative evaluation or an absolute one?

Third, I am aligned with Leo’s words [1].  And probably with yours
too. :-) To me, a better security is not implied by special
treatments for security fixes but instead a better treatment for the
updates in general.

You are proposing a new branch and Chris and I are saying that this
branch already exists and is staging.  The real question is to know how
staging currently behaves: how much time between 2 merges?  how much
time to rebuild?  how many packages are rebuilt between 2 merges?  etc.
Is it enough?  If not, what could be done to improve?  etc.


1: <https://yhetil.org/guix/YFEDt%2FPUd2ZeC6%2FF@jasmine.lan/>

Cheers,
simon


