[Nix-dev] Openssl and fast security updates
Vladimír Čunát
vcunat at gmail.com
Thu Jun 5 23:39:34 CEST 2014
On 06/05/2014 10:50 PM, Ertugrul Söylemez wrote:
> I think a nice solution would be to add build priorities to Hydra. When a security update is required quickly, then update the OpenSSL expression, assign a high build priority to OpenSSL and the common server packages and let Hydra do the building. Most people will build on weaker machines, so I think that "waiting for Hydra" is the way to go, even when you can't watch the actual build process and thus feel that nothing is happening.
Hydra has and uses priorities. Anyway, building OpenSSL itself is very
quick, but rebuilding all that (transitively) depends on it is worse.
And there are CVE fixes for stdenv stuff sometimes (glibc)...
Also, as noted, the channel will NOT update until all packages are finished
and tests succeed. For a big rebuild that takes days. Some
non-deterministic test failures can delay it, too.
Vlada