[Nix-dev] Improving security updates

CodeHero codehero at nerdpol.ch
Fri Apr 10 19:12:10 CEST 2015


So, after this huge update delay for nixos-unstable I think we should 
talk about improving the way security updates are handled. One can 
currently install security upgrades by using the instructions on this 
page (https://nixos.org/wiki/Security_Updates), but it's a lot of work 
to find all the libs that need those updates; and flagging packages as 
security updates will most likely not work without a dedicated security 
team.

We've been brainstorming a little bit on the IRC 
(https://botbot.me/freenode/nixos/2015-04-10/?msg=36316600&page=4), and 
we came up with a few ideas. I personally like the extra security branch 
idea, but I'm not sure how it would work out 
(https://botbot.me/freenode/nixos/2015-04-10/?msg=36318539&page=5), so 
that's why I'm asking here. Maybe somebody has some ideas and the 
know-how to make things better.

The question is: who has suggestions on how to improve the installation 
of critical security updates; who knows how to implement the best 
suggestion; and who will maintain it?

