[Nix-dev] Openssl and fast security updates
Aristid Breitkreuz
aristidb at gmail.com
Thu Jun 5 20:22:39 CEST 2014
Perhaps there is a case to be made that the hydra.nixos.org ->
CloudFront delay is too long.
2014-06-05 20:04 GMT+02:00 Peter Simons <simons at cryp.to>:
> Hi Luca,
>
> > It takes too much time to deliver the new packages from the nixos
> > channel, and it would take equally long to compile them on production
> > servers.
>
> that OpenSSL update was committed 5 hours ago. Isn't it a wee bit early
> to say that the update takes "too much time"?
>
> Also, note that you don't have to wait for the channel to update to get
> binaries. Running
>
> $ nix-build nixos -A system -I nixpkgs=$PWD --dry-run --option binary-caches http://hydra.nixos.org
>
> in a checked-out copy of the release-14.04 branch shows that a good
> portion of Nixpkgs has been compiled by Hydra already, and compiling the
> rest locally is not a serious problem, IMHO.
>
> I agree that the ability to make quick-and-dirty replacements of core
> libraries in a running system would be nice to have. Personally, I doubt
> I'd ever bother with that kind of hackery though, because the normal
> update channels are quick enough, IMHO.
>
> Best regards,
> Peter
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
More information about the nix-dev
mailing list