[Nix-dev] Improving security updates

Domen Kožar domen at dev.si
Fri Apr 10 21:40:01 CEST 2015


This is extremely important for companies. It's why Gentoo has failed so
badly in any commercial environment.

Everyone I talk to about Nix (in my past long experience at conferences,
meetups, etc.), they'd raise two questions:

- How does it compare with Docker and can it be used together?

- How do you handle security updates?

I have poor answers to both questions as both topics are currently done
very poorly. A lot to improve here; I think we should start with
meta-issues for discussion and general todos.

On Fri, Apr 10, 2015 at 1:12 PM, CodeHero <codehero at nerdpol.ch> wrote:

> So, after this huge update delay for nixos-unstable I think we should
> talk about improving the way security updates are handled. One can
> currently install security upgrades by using the instructions on this
> page (https://nixos.org/wiki/Security_Updates), but it's a lot of work
> to find all the libs that need those updates; and flagging packages as
> security updates will most likely not work without a dedicated security
> team.
>
> We've been brainstorming a little bit on IRC
> (https://botbot.me/freenode/nixos/2015-04-10/?msg=36316600&page=4), and
> we came up with a few ideas. I personally like the extra security branch
> idea, but I'm not sure how it would work out
> (https://botbot.me/freenode/nixos/2015-04-10/?msg=36318539&page=5), so
> that's why I'm asking here. Maybe somebody has some ideas and the
> know-how to make things better.
>
> The question is: who has suggestions on how to improve the installation
> of critical security updates; who knows how to implement the best
> suggestion; and who will maintain it?