[Nix-dev] Openssl and fast security updates

Mathijs Kwik mathijs at bluescreen303.nl
Fri Jun 6 13:29:44 CEST 2014


Michael Raskin <7c6f434c at mail.ru> writes:

>>>> When we use priorities generously we could avoid a lot of delay even in
>>>> less critical cases.
>>>>
>>>
>>> The main problem I see is that normally you don't want to release a
>>> channel until *all* parts have rebuilt.
>>>
>>
>>+1 Rebuilding for a server that runs, say ssh, apache, nginx, postfix and a
>>few such services takes maybe 2% of the time required to build a full
>>desktop distribution.
>>
>>I think being able to release packages used on public facing servers could
>>be prioritized over, say LibreOffice, Qt, Webkit etc.
>>
>>If the system environment is not "polluted" by the desktop packages, it
>>could be possible to upgrade the system environment before user
>>environments that need one or two orders of magnitude more time to compile.
>>
>>Calculating the transitive closure for all nixos modules / services run by
>>systemd is one way to prioritize.  A popularity contest could be added to
>>that.
>
> Maybe having a channel which is a subset of the main channel and
> includes at least ssh, apache, nginx, postgresql, mysql, and some ftp
> server would be a nice start?

How are people supposed to use that channel?
I don't think I can _add_ a secondary channel which provides a
conflicting source (nixos). Switching back and forth doesn't sound
easy.

Also, this would just make your system start to build all the additional
packages (not built by this new channel) by itself. No matter how much
stuff gets pre-built, a channel always contains a specific nixpkgs
version, so with or without binary archives, a nixos-rebuild _will_
build everything for that release.

