[Nix-dev] Openssl and fast security updates

Shell Turner cam.turn at gmail.com
Thu Jun 5 22:01:59 CEST 2014


So is the argument that it should be possible to update the channel
with the new package definition before the binary cache has finished
building, thus letting people rebuild their systems locally if need
be? That seems reasonable.

For the moment, though, checking out the release-14.04 branch from git
and building from that is exactly equivalent.

Shell

On 5 June 2014 20:05, Luca Bruno <lethalman88 at gmail.com> wrote:
> No, it's not too early. Other distros immediately packaged the new version
> and provided it in their security channel.
> It's never too early when it concerns security.
>
>
> On Thu, Jun 5, 2014 at 8:04 PM, Peter Simons <simons at cryp.to> wrote:
>>
>> Hi Luca,
>>
>>  > It takes too much time to deliver the new packages from the nixos
>>  > channel, and it would take equally long to compile them on production
>>  > servers.
>>
>> that OpenSSL update was committed 5 hours ago. Isn't it a wee bit early
>> to say that the update takes "too much time"?
>>
>> Also, note that you don't have to wait for the channel to update to get
>> binaries. Running
>>
>>  $ nix-build nixos -A system -I nixpkgs=$PWD --dry-run --option binary-caches http://hydra.nixos.org
>>
>> in a checked-out copy of the release-14.04 branch shows that a good
>> portion of Nixpkgs has been compiled by Hydra already, and compiling the
>> rest locally is not a serious problem, IMHO.
>>
>> I agree that the ability to make quick-and-dirty replacements of core
>> libraries in a running system would be nice to have. Personally, I doubt
>> I'd ever bother with that kind of hackery though, because the normal
>> update channels are quick enough, IMHO.
>>
>> Best regards,
>> Peter
>>
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
>
>
> --
> www.debian.org - The Universal Operating System
>
>
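Added example, not part of the original thread: a small filter that summarises the plan printed by the --dry-run command quoted above, showing how many derivations would be built locally, how many paths the binary cache already has, and which side a given package falls on. The function names are hypothetical, the sample plan is constructed, and the section-header wording is an assumption about nix-build's dry-run output.

```shell
#!/bin/sh
# Added example: summarise a `nix-build --dry-run` plan read from stdin.
# Usage: classify_dry_run NAME   prints "build=<n> fetch=<n> NAME=<state>"
# Assumed section headers: "... derivation(s) will be built:" and
# "... path(s) will be fetched (...):", each followed by indented store paths.
classify_dry_run() {
    awk -v pat="$1" '
        /derivations? will be built:/ { sec = "build"; next }
        /paths? will be fetched/      { sec = "fetch"; next }
        /^[ \t]+\/nix\/store\// {
            if (sec == "") next
            n[sec]++
            # match the package-name part that follows the store hash
            if ($1 ~ ("^/nix/store/[0-9a-z]+-" pat "-")) where[sec] = 1
            next
        }
        { sec = "" }   # any other line ends the current section
        END {
            st = "not-in-plan"
            if (where["fetch"]) st = "in-cache"
            if (where["build"]) st = "build-locally"
            printf "build=%d fetch=%d %s=%s\n", n["build"], n["fetch"], pat, st
        }'
}

# Constructed sample plan (hashes, names and versions are made up).
sample_dry_run() {
    cat <<'EOF'
these derivations will be built:
  /nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-nixos-0.0.0.drv
  /nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-etc.drv
these paths will be fetched (1.00 MiB download, 2.00 MiB unpacked):
  /nix/store/cccccccccccccccccccccccccccccccc-openssl-0.0.0
  /nix/store/dddddddddddddddddddddddddddddddd-curl-0.0.0
  /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-openssh-0.0.0
EOF
}

sample_dry_run | classify_dry_run openssl   # -> build=2 fetch=3 openssl=in-cache
# Real use, from the release-14.04 checkout (plan is assumed to be on stderr):
#   nix-build nixos -A system -I nixpkgs=$PWD --dry-run \
#     --option binary-caches http://hydra.nixos.org 2>&1 | classify_dry_run openssl
```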

