[Nix-dev] Openssl and fast security updates

Michael Raskin 7c6f434c at mail.ru
Fri Jun 6 13:13:11 CEST 2014


>>> When we use priorities generously we could avoid a lot of delay even in
>>> less critical cases.
>>>
>>
>> The main problem I see is that normally you don't want to release a
>> channel until *all* parts have rebuilt.
>>
>
>+1 Rebuilding for a server that runs, say ssh, apache, nginx, postfix and a
>few such services takes maybe 2% of the time required to build a full
>desktop distribution.
>
>I think being able to release packages used on public facing servers could
>be prioritized over, say LibreOffice, Qt, Webkit etc.
>
>If the system environment is not "polluted" by the desktop packages, it
>could be possible to upgrade the system environment before user
>environments that needs one or two orders of magnitude more time to compile.
>
>Calculating the transitive closure for all nixos modules / services run by
>systemd is one way to prioritize.  A populatiry contest could be added to
>that.

Maybe having a channel which is a subset of the main channel and
includes at least ssh, apache, nginx, postgresql, mysql, and some ftp
server would be a nice start?





More information about the nix-dev mailing list