[Nix-dev] Openssl and fast security updates
Luca Bruno
lethalman88 at gmail.com
Thu Jun 5 21:05:34 CEST 2014
No, it's not too early. Other distros immediately packaged the new version
and provided it in their security channel.
It's never too early when it concerns security.
On Thu, Jun 5, 2014 at 8:04 PM, Peter Simons <simons at cryp.to> wrote:
> Hi Luca,
>
> > It takes too much time to deliver the new packages from the nixos
> > channel, and it would take equally long to compile them on production
> > servers.
>
> that OpenSSL update was committed 5 hours ago. Isn't it a wee bit early
> to say that the update takes "too much time"?
>
> Also, note that you don't have to wait for the channel to update to get
> binaries. Running
>
> $ nix-build nixos -A system -I nixpkgs=$PWD --dry-run --option
> binary-caches http://hydra.nixos.org
>
> in a checked-out copy of the release-14.04 branch shows that a good
> portion of Nixpkgs has been compiled by Hydra already, and compiling the
> rest locally is not a serious problem, IMHO.
>
> I agree that the ability to make quick-and-dirty replacements of core
> libraries in a running system would be nice to have. Personally, I doubt
> I'd ever bother with that kind of hackery though, because the normal
> update channels are quick enough, IMHO.
>
> Best regards,
> Peter
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
--
www.debian.org - The Universal Operating System
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20140605/7a641093/attachment.html
More information about the nix-dev
mailing list