[Dev] Goals/direction for the coming year

Nicolás A. Ortega deathsbreed at themusicinnoise.net
Fri Mar 31 13:59:13 GMT 2017

On Fri, Mar 31, 2017 at 01:59:37PM +0100, Josh Branning wrote:
> Instead of
> 'we know there are lots of different vulnerabilities with software so we
> should decide to fix none of them'
> I feel we should aim for
> 'we know there are lots of different vulnerabilities with software, so we
> should try and fix all of them, failing that, we should at least try to fix
> some of them'

I am not saying to not fix any of them; I'm saying there are better ways
in which we can allocate our resources (namely the time we have).
Solving an issue that has low risk but requires quite a bit of time,
energy, as well as other resources, seems like a waste to me. With
reproducible builds it's a decently large cost for almost no return
because of all the flaws it has to begin with.

In the end we end up trusting our own compilers, which means it's the
same as compiling from source. So why not make it easier to install
packages from source? Write a quick script for `abs' and the like?

It simply does not seem like a pragmatic decision to me, and although the
idea is not bad it needs to be elaborated and thought through more
thoroughly on a solution to the problem that they are trying to solve. A
problem was found and a half-baked solution was created.

Yes, I realize that no security system is perfect and there will always
be holes, and that that shouldn't stop us from trying to patch that
which we can. However, in this case I view the solution as being too
premature and requiring further development so that it can cover a good
portion of the holes.

Nicolás A. Ortega (Deathsbreed)
Public PGP Key: