[Nix-dev] Hydra and security updates
Frank
frank87 at xs4all.nl
Sat Jun 3 01:55:57 CEST 2017
On 3-6-2017 at 0:59, Leo Gaspard wrote:
> On 06/02/2017 06:54 PM, Frank wrote:
>> On 1-6-2017 at 23:32, Leo Gaspard wrote:
>>> Hi all,
>>>
>>> I just wanted to point out an issue with hydra: it doesn't make any
>>> distinction between security updates and normal changes.
>> Why is this an issue? Security-updates are just as likely to introduce
>> bugs as every other update.
> If I have to choose between having a security vulnerability and having
> some installer tests that don't build (as these seem to be the source of
> most test failures)... I know what I'd rather have (especially given
> install images aren't generated from every commit of nixpkgs), don't you
> think?
You mean all the tests that didn't catch the bug in the first place? Or
the tests that assure the fix will be installed without problems?
If the testing is a problem for distributing the software, the tests are
probably wrong. You can't fix things by testing, so don't try to repeat
and improve the upstream testing (not during distribution at least).
The focus of the distribution is distributing software that installs
well on all target systems. And if your fix breaks some systems it
doesn't matter how important it is for security.
I really agree, it's important to roll out security fixes fast. But I
don't see why other updates should be very time consuming.
Greetings,
Frank