[Nix-dev] Openssl and fast security updates

Peter Simons simons at cryp.to
Thu Jun 5 20:04:29 CEST 2014

Hi Luca,

 > It takes too much time to deliver the new packages from the nixos
 > channel, and it would take equally long to compile them on production
 > servers.

that OpenSSL update was committed 5 hours ago. Isn't it a wee bit early
to say that the update takes "too much time"?

Also, note that you don't have to wait for the channel to update to get
binaries. Running

 $ nix-build nixos -A system -I nixpkgs=$PWD --dry-run --option binary-caches http://hydra.nixos.org

in a checked-out copy of the release-14.04 branch shows that a good
portion of Nixpkgs has been compiled by Hydra already, and compiling the
rest locally is not a serious problem, IMHO.

I agree that the ability to make quick-and-dirty replacements of core
libraries in a running system would be nice to have. Personally, I doubt
I'd ever bother with that kind of hackery though, because the normal
update channels are quick enough, IMHO.

Best regards,

More information about the nix-dev mailing list