[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#43160] Validate the result of our linux-libre sources clean up

From: Mark H Weaver
Subject: [bug#43160] Validate the result of our linux-libre sources clean up
Date: Fri, 04 Sep 2020 11:21:47 -0400

Hi Maxim,

Maxim Cournoyer <> writes:
> I'd like to point you to the following patches, as they touch the
> generation of the linux-libre sources, in case they hadn't caught your
> attention:

Thanks very much for bringing this to my attention.  I do not subscribe
to the guix-patches list, so I would not have seen this otherwise.

I'm in favor of the following patches:

  gnu: linux-libre: Use Python 3 in make-linux-libre-source.
  gnu: make-linux-libre-source: Set output port buffering to line mode.
  gnu: linux-libre: Validate that the cleaned up tarball is free of blobs.

Thanks for these.  Please push them whenever you feel is appropriate.

On other other hand, I'm strongly opposed to the following patch:

  gnu: linux-libre: Compare generated sources against Linux-libre releases.

I'm opposed to it because it would make it prohibitively difficult to
push micro kernel updates (most of which contain potential security
fixes) before Linux-libre has published their tarball release.  It would
also make it prohibitively difficult to perform deblobbed bisections
between two adjacent versions from the upstream stable git repository.

In my opinion, at minimum, the 'linux-libre-upstream-source' argument to
'make-linux-libre-source' should optional.

I find it depressing that Jason's and Alexandre's attempts to browbeat
us to limit ourselves to deblob only the precise tarballs that they
produce, and to always wait for them to produce them before pushing
security fixes (although it takes less than 10 minutes to look over the
upstream commits for new blobs) have gained traction here.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]