[Nix-dev] Openssl and fast security updates

Michael Raskin 7c6f434c at mail.ru
Fri Jun 6 06:56:31 CEST 2014


>Note that we're currently not just waiting for Hydra, but also for the
>delayed appearance on the official cache.nixos.org, which AFAIK can
>take something like a day.

As far as I understand, this delay is the delay of Hydra building the 
entire channel. I.e. fresh Nginx will not go to the cache until 
LibreOffice in the same channel is also rebuilt.

>2014-06-05 22:50 GMT+02:00 Ertugrul Söylemez <ertesx at gmx.de>:
>> On Thu, 5 Jun 2014 21:01:59 +0100
>> Shell Turner <cam.turn at gmail.com> wrote:
>>
>>> So is the argument that it should be possible to update the channel
>>> with the new package definition before the binary cache has finished
>>> building, thus letting people rebuild their systems locally if need
>>> be? That seems reasonable.
>>
>> I think a nice solution would be to add build priorities to Hydra.  When a security update is required quickly, then update the OpenSSL expression, assign a high build priority to OpenSSL and the common server packages and let Hydra do the building.  Most people will build on weaker machines, so I think that "waiting for Hydra" is the way to go, even when you can't watch the actual build process and thus feel that nothing is happening.
>>
>> All we need is to make sure that Hydra builds those quickly enough.





More information about the nix-dev mailing list