[Nix-dev] Proposal: Highly available security-specific trusted build infrastructure

Graham Christensen graham at grahamc.com
Thu Oct 20 13:05:39 CEST 2016


Hi Jascha,

After each vulnerability roundup (
https://github.com/NixOS/nixpkgs/issues/19678 was from yesterday) I try to
watch hydra and make sure they get released soon. The last commit pushed
out from hydra was the last commit from that roundup.

Yesterday we went through ~20 vulnerabilities, and today I'm watching Hydra
to identify problems potentially keeping the channel update from getting done.

I'm only able to do these vulnerability hunts and fixes once a week, which is
part of why there aren't more for the remainder of the week. Additionally,
if you are able to volunteer time -- keeping an eye on build failures at
https://hydra.nixos.org/jobset/nixos/release-16.09 and fixing them as they
come up, that would also hasten the release process.

Thank you,
Graham

On Thu, Oct 20, 2016 at 4:18 AM Jascha Geerds <jascha at jgeerds.name> wrote:

> I'm also not sure if another Hydra instance would be the right way. On
> the other hand, I would appreciate more frequent (security) updates for
> NixOS 16.09. Currently, the channel is stuck for over a week for whatever
> reason...
>
> Same applies for nixpkgs-unstable where tests randomly (?) fail too
> which prevents channel updates. But that's another story.