Re: Limited security support for Go/Rust? Re ssh3

To: debian-devel@lists.debian.org
Subject: Re: Limited security support for Go/Rust? Re ssh3
From: Bastian Blank <waldi@debian.org>
Date: Thu, 25 Jan 2024 07:26:16 +0100
Message-id: <[🔎] 20240125062616.ecnm564ld5ksjwnc@shell.thinkmo.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20240124234020.GC32181@mail.wookware.org>
References: <ZZARdHGmUlUZZa0o@riva.ucam.org> <87cyup5mix.fsf@kaka.sjd.se> <a9c550619c1944fe6db7ea33b27774e0f8d75e6e.camel@posteo.de> <[🔎] 874jfgtffd.fsf_-_@kaka.sjd.se> <[🔎] 20240114111729.rhi7eekkd3h5fpjg@shell.thinkmo.de> <[🔎] 87v87wrl86.fsf@kaka.sjd.se> <[🔎] 20240115091717.tl2rif5mfnz7bwvp@shell.thinkmo.de> <[🔎] ec4237994fdf9ba540a7d31ba7521a53da0b091f.camel@debian.org> <[🔎] 87r0ihegzh.fsf@kaka.sjd.se> <[🔎] 20240124234020.GC32181@mail.wookware.org>

On Wed, Jan 24, 2024 at 11:40:20PM +0000, Wookey wrote:
> If it only done for security issues, rather than routinely, then that
> shouldn't be that much extra load (does anyone have any idea how much
> extra building we are talking about? Is it trivial, or huge?)

If we do those rebuilds in stable security we have several bottlenecks:

- We need to get all the other packages into security, need some way to
  trigger rebuilds (I still think we need to kill the current way of
  BinNMU alltogether)
- Those can only build after the fixed package was released (or at least
  completely built)
- DSA are supposed to be available for all updates, so we now need to
  list hundred of packages.
- The separate security archive is severely space limited.
- SRM like to look at all updates as well.

Bastian

-- 
Worlds are conquered, galaxies destroyed -- but a woman is always a woman.
		-- Kirk, "The Conscience of the King", stardate 2818.9

Reply to:

References:
- Limited security support for Go/Rust? Re ssh3
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Bastian Blank <waldi@debian.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Bastian Blank <waldi@debian.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Paul Wise <pabs@debian.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Wookey <wookey@wookware.org>

Prev by Date: Re: icc-profiles_2.2_source.changes REJECTED
Next by Date: Re: Proposal for how to deal with Go/Rust/etc security bugs
Previous by thread: Re: Limited security support for Go/Rust? Re ssh3
Next by thread: Re: Limited security support for Go/Rust? Re ssh3
Index(es):
- Date
- Thread