[Nix-dev] Openssl and fast security updates

Alexander Kjeldaas ak at formalprivacy.com
Fri Jun 6 11:05:05 CEST 2014


On Fri, Jun 6, 2014 at 10:20 AM, Vladimír Čunát <vcunat at gmail.com> wrote:

> On 06/06/2014 08:59 AM, Ertugrul Söylemez wrote:
>
>> When we use priorities generously we could avoid a lot of delay even in
>> less critical cases.
>>
>
> The main problem I see is that normally you don't want to release a
> channel until *all* parts have rebuilt.
>

+1 Rebuilding for a server that runs, say ssh, apache, nginx, postfix and a
few such services takes maybe 2% of the time required to build a full
desktop distribution.

I think being able to release packages used on public facing servers could
be prioritized over, say LibreOffice, Qt, Webkit etc.

If the system environment is not "polluted" by the desktop packages, it
could be possible to upgrade the system environment before user
environments that needs one or two orders of magnitude more time to compile.

Calculating the transitive closure for all nixos modules / services run by
systemd is one way to prioritize.  A populatiry contest could be added to
that.

Alexander


>
> We do have meta.schedulingPriority, but it's used little, and from earlier
> discussions I think it's really hard to objectively determine which
> packages are more important than others ;-)
>
> BTW, aborting jobs would need to be done very carefully, because we have
> some jobs that run for hours, so that could lead to wasting lots of time.
>
>
> Vlada
>
>
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20140606/5c9bdeae/attachment-0001.html 


More information about the nix-dev mailing list