[Nix-dev] Security channel proposal

Michael Raskin 7c6f434c at mail.ru
Thu Sep 25 14:41:30 CEST 2014


>It sounds like a necessary evil.
>
>Another option would be to make Hydra super fast... What has been explored
>to optimize compile speeds? Using distcc, ccache, SSD, elastic scaling?
>
>What if we had a security build fund that we could use to briefly run 500
>machines to complete security builds? Would that allow 2-hour security
>rollouts?

I bet against our package set being buildable in 2 hours — because of
time-critical path likely hitting some non-parallelizable package.

Libreoffice build is inherently a single-machine task, so to speed it
up you need something like two octocore CPUs in the box.

And we have many gcc builds in the stdenv buld path — these builds have
to run in a sequence. 

With such a goal, we would need to recheck all the dependency paths and
optimise the bottlenecks.

Maybe making dependency replacement work reliably (symlinking into 
a special directory and referring to this directory?) is more feasible…





More information about the nix-dev mailing list