On 9/9/21 12:45 PM, Neal Gompa wrote: > On Thu, Sep 9, 2021 at 12:42 PM Demi Marie Obenour > <demioben...@gmail.com> wrote: >> >> On 9/8/21 10:49 PM, Bojan Smojver via devel wrote: >>> Just being devil's advocate for a second here... >>> >>> Two days to build FF in koji? Has it gotten that big or are the builds that >>> slow? >>> >>> <duck/> :-) >> >> This is also a security problem: consider a 0day exploit found in the wild. >> >> Should the FF builds be given more resources? Does Mozilla provide a signed >> Flatpak that could be used instead? >> > > Security is not worth anything if the application doesn't work. We > don't ship updates immediately to users after they're built *no matter > what*. They go through the update manager (Bodhi) to get validated for > release.
There are users (such as myself) who have the equivalent of $ sudo dnf -y --best --refresh --enablerepo=updates-testing --security -- upgrade $ sudo dnf -y --best -- upgrade in their update scripts. Also, could the Fedora project itself perform at least basic QA for critical security patches? > Two days for builds is not great, but it's not the end of the world. > Would it be nice if we had more powerful builders? Sure. But it still > would take a minimum of 2 days for something to go out since it needs > to get pushed, pass tests, and get karma to autopush to stable > releases. Can the Firefox build be distributed among multiple machines? Sincerely, Demi Marie Obenour she/her/hers
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
