[Nix-dev] Security channel proposal
Michael Raskin
7c6f434c at mail.ru
Thu Sep 25 14:41:30 CEST 2014
>It sounds like a necessary evil.
>
>Another option would be to make Hydra super fast... What has been explored
>to optimize compile speeds? Using distcc, ccache, SSD, elastic scaling?
>
>What if we had a security build fund that we could use to briefly run 500
>machines to complete security builds? Would that allow 2-hour security
>rollouts?
I bet against our package set being buildable in 2 hours — because of
time-critical path likely hitting some non-parallelizable package.
Libreoffice build is inherently a single-machine task, so to speed it
up you need something like two octocore CPUs in the box.
And we have many gcc builds in the stdenv buld path — these builds have
to run in a sequence.
With such a goal, we would need to recheck all the dependency paths and
optimise the bottlenecks.
Maybe making dependency replacement work reliably (symlinking into
a special directory and referring to this directory?) is more feasible…
More information about the nix-dev
mailing list