[Nix-dev] Openssl and fast security updates

Ertugrul Söylemez ertesx at gmx.de
Fri Jun 6 08:59:45 CEST 2014


On Thu, 05 Jun 2014 23:39:34 +0200
Vladimír Čunát <vcunat at gmail.com> wrote:

> Hydra has and uses priorities. Anyway, building OpenSSL itself is very 
> quick, but rebuilding all that (transitively) depends on it is worse. 
> And there are CVE fixes for stdenv stuff sometimes (glibc)...

Yes, and the basic idea is that you could have high priority packages like OpenSSL, OpenVPN and nginx.  Whenever Hydra sees a job of higher priority it starts doing it (potentially aborting whatever it is currently doing).  Once all jobs of the same priority are done, it runs the tests of the same priority and updates the channel.  Then it goes to the next highest priority.  That way security updates won't take longer than necessary.

When we use priorities generously we could avoid a lot of delay even in less critical cases.


Greets,
Ertugrul

-- 
Ertugrul Söylemez <ertesx at gmx.de>
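
A toy single-worker model of the scheduling proposed in the message above, added here as an illustration; it is not Hydra's code or its actual scheduler. The priority scale, build times, test duration and the `bulk-a`/`bulk-b` jobs are constructed assumptions, and the comparison baseline is plain arrival order.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Job:
    name: str
    priority: int  # higher = more urgent (constructed scale, not Hydra's)
    arrival: int   # minute the job is queued
    build: int     # build minutes on the single modelled worker

def simulate(jobs, test_minutes=2):
    """Return ({priority: minute that tier's channel update lands}, wasted minutes)."""
    left = {j.name: j.build for j in jobs}
    tests = {j.priority: test_minutes for j in jobs}
    published, wasted, current, t = {}, 0, None, 0
    while len(published) < len(tests):
        # Queued, unfinished builds; key = highest priority, then earliest arrival.
        ready = [(j.priority, -j.arrival, j.name, j) for j in jobs
                 if j.arrival <= t and left[j.name] > 0]
        # A tier's test run becomes runnable once every job in that tier is built.
        for p in tests:
            if p not in published and all(left[j.name] == 0 for j in jobs if j.priority == p):
                ready.append((p, 0, "", None))  # None marks the test run
        t += 1
        if not ready:
            continue  # idle minute: nothing has arrived yet
        prio, _, _, job = max(ready, key=lambda r: r[:3])
        # Preemption: a partly built job that loses the worker starts over.
        if current is not None and job is not current and 0 < left[current.name] < current.build:
            wasted += current.build - left[current.name]
            left[current.name] = current.build
        current = job
        if job is None:  # one minute of the tier's tests (paused, not reset, if preempted)
            tests[prio] -= 1
            if tests[prio] == 0:
                published[prio] = t  # channel update for this tier
        else:
            left[job.name] -= 1
    return published, wasted

# Constructed workload: two long bulk builds, then a security fix arrives at minute 10.
JOBS = [Job("bulk-a", 0, 0, 30), Job("bulk-b", 0, 0, 40),
        Job("openssl", 2, 10, 2), Job("openvpn", 2, 10, 3), Job("nginx", 2, 10, 3)]

def compare():
    tiered = simulate(JOBS)
    flat = simulate([replace(j, priority=0) for j in JOBS])  # arrival-order baseline
    return tiered, flat

if __name__ == "__main__":
    print(compare())
```

On this workload the security tier's channel update lands at minute 20 instead of minute 80, while the bulk tier slips from 80 to 92 because of the 10 aborted build minutes and the extra test run.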

