[Nix-dev] Openssl and fast security updates

Ertugrul Söylemez ertesx at gmx.de
Thu Jun 5 22:50:12 CEST 2014


On Thu, 5 Jun 2014 21:01:59 +0100
Shell Turner <cam.turn at gmail.com> wrote:

> So is the argument that it should be possible to update the channel
> with the new package definition before the binary cache has finished
> building, thus letting people rebuild their systems locally if need
> be? That seems reasonable.

I think a nice solution would be to add build priorities to Hydra.  When a security update is required quickly, then update the OpenSSL expression, assign a high build priority to OpenSSL and the common server packages and let Hydra do the building.  Most people will build on weaker machines, so I think that "waiting for Hydra" is the way to go, even when you can't watch the actual build process and thus feel that nothing is happening.

All we need is to make sure that Hydra builds those quickly enough.


Greets,
Ertugrul

-- 
Ertugrul Söylemez <ertesx at gmx.de>


More information about the nix-dev mailing list