[Nix-dev] Policy for updates in 14.04 (was: Keeping nixpkgs up to date)

Chris Double chris.double at double.co.nz
Sun Aug 31 23:40:34 CEST 2014


On Mon, Sep 1, 2014 at 3:57 AM, Peter Simons <simons at cryp.to> wrote:
>
> the stable release branch is not supposed to have up-to-date software.
> Its purpose is to provide a software environment that is *stable*.
> Packages in the release branch should be modified only if the update
> fixes an important bug, like a security vulnerability, i.e. when the
> cost of sticking to the old version is obviously higher than the risk of
> breaking someone's system with an update. If that is not the case, then
> the update should probably not go to the release branch.

This seems a great policy when there are people backporting security
fixes to older versions of software. I don't believe this is the case
for NixOS. This means that if a security fix is required it may be
many versions ahead of what is in 14.04 and has more chance of causing
breakage. What's worse is it will happen at a bad time - when a
security fix is needed.

For a distro that doesn't backport security fixes I would think that
updating minor versions of the software to take those fixes from the
software provider would be an ok strategy. What is the policy with
regards to security updates with NixOS?
