[Nix-dev] Improving security updates
CodeHero
codehero at nerdpol.ch
Fri Apr 10 19:12:10 CEST 2015
So, after this huge update delay for nixos-unstable I think we should
talk about improving the way security updates are handled. One can
currently install security upgrades by using the instructions on this
page (https://nixos.org/wiki/Security_Updates), but it's a lot of work
to find all the libs that need those updates; and flagging packages as
security updates will most likely not work without a dedicated security
team.
We've been brainstorming a little bit on the irc
(https://botbot.me/freenode/nixos/2015-04-10/?msg=36316600&page=4), and
we came up with a few ideas. I personally like the extra security branch
idea, but i'm not sure how it would work out
(https://botbot.me/freenode/nixos/2015-04-10/?msg=36318539&page=5), so
that's why I'm asking here. Maybe somebody has some ideas and the
know-how to make things better.
The question is: who has suggestions on how to improve the installation
of critical security updates; who knows how to implement the best
suggestion; and who will maintain it?
More information about the nix-dev
mailing list