[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security related tooling project
|
From: |
Chris Marusich |
|
Subject: |
Re: Security related tooling project |
|
Date: |
Sat, 03 Apr 2021 22:09:24 -0700 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Christopher Baines <mail@cbaines.net> writes:
> In terms of looking at security from a project perspective, I'm thinking
> about these kinds of needs/questions:
>
> - What security issues affect this revision of Guix? (latest or otherwise)
>
> - How do Guix contributors find out about new security issues that
> affect Guix revisions they're interested in?
>
> From the user perspective, I want to look at things like:
>
> - How do I find out what (if any) security issues affect the software
> I'm currently running (through Guix)?
>
> - How can I get notified when a new security issue affects the software
> I'm currently running (through Guix)?
>
> Please let me know if you have any comments or questions!
I think this is a great plan! The last two points in particular are
particularly useful, I think.
Everyone needs security. I think Guix is in a unique position where it
is so easy to modify packages that (in theory, at least) anyone who
cares can figure out how to submit a change to upgrade and fix security
vulnerabilities.
People and companies are more likely to go out of their way to fix
packages they care about. Therefore, making it easy to identify
vulnerabilities in specifically the packages they care about, and making
it easier to get involved in the community to fix them, are important
goals.
--
Chris
signature.asc
Description: PGP signature