[Nix-dev] Openssl and fast security updates

Aristid Breitkreuz aristidb at gmail.com
Thu Jun 5 22:57:22 CEST 2014


Note that we're currently not just waiting for Hydra, but also for the
delayed appearance on the official cache.nixos.org, which AFAIK can
take something like a day.

2014-06-05 22:50 GMT+02:00 Ertugrul Söylemez <ertesx at gmx.de>:
> On Thu, 5 Jun 2014 21:01:59 +0100
> Shell Turner <cam.turn at gmail.com> wrote:
>
>> So is the argument that it should be possible to update the channel
>> with the new package definition before the binary cache has finished
>> building, thus letting people rebuild their systems locally if need
>> be? That seems reasonable.
>
> I think a nice solution would be to add build priorities to Hydra.  When a security update is required quickly, then update the OpenSSL expression, assign a high build priority to OpenSSL and the common server packages and let Hydra do the building.  Most people will build on weaker machines, so I think that "waiting for Hydra" is the way to go, even when you can't watch the actual build process and thus feel that nothing is happening.
>
> All we need is to make sure that Hydra builds those quickly enough.
>
>
> Greets,
> Ertugrul
>
> --
> Ertugrul Söylemez <ertesx at gmx.de>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev


More information about the nix-dev mailing list