[Nix-dev] Openssl and fast security updates
simons at cryp.to
Thu Jun 5 20:04:29 CEST 2014
> It takes too much time to deliver the new packages from the nixos
> channel, and it would take equally long to compile them on production
that OpenSSL update was committed 5 hours ago. Isn't it a wee bit early
to say that the update takes "too much time"?
Also, note that you don't have to wait for the channel to update to get
$ nix-build nixos -A system -I nixpkgs=$PWD --dry-run --option binary-caches http://hydra.nixos.org
in a checked-out copy of the release-14.04 branch shows that a good
portion of Nixpkgs has been compiled by Hydra already, and compiling the
rest locally is not a serious problem, IMHO.
I agree that the ability to make quick-and-dirty replacements of core
libraries in a running system would be nice to have. Personally, I doubt
I'd ever bother with that kind of hackery though, because the normal
update channels are quick enough, IMHO.
More information about the nix-dev