So is the argument that it should be possible to update the channel with the new package definition before the binary cache has finished building, thus letting people rebuild their systems locally if need be? That seems reasonable.
For the moment, though, checking out the release-14.04 branch from git and building from that is exactly equivalent. Shell On 5 June 2014 20:05, Luca Bruno <[email protected]> wrote: > No, it's not too early. Other distros immediately packaged the new version > and provided it in their security channel. > It's never too early when it concerns security. > > > On Thu, Jun 5, 2014 at 8:04 PM, Peter Simons <[email protected]> wrote: >> >> Hi Luca, >> >> > It takes too much time to deliver the new packages from the nixos >> > channel, and it would take equally long to compile them on production >> > servers. >> >> that OpenSSL update was committed 5 hours ago. Isn't it a wee bit early >> to say that the update takes "too much time"? >> >> Also, note that you don't have to wait for the channel to update to get >> binaries. Running >> >> $ nix-build nixos -A system -I nixpkgs=$PWD --dry-run --option >> binary-caches http://hydra.nixos.org >> >> in a checked-out copy of the release-14.04 branch shows that a good >> portion of Nixpkgs has been compiled by Hydra already, and compiling the >> rest locally is not a serious problem, IMHO. >> >> I agree that the ability to make quick-and-dirty replacements of core >> libraries in a running system would be nice to have. Personally, I doubt >> I'd ever bother with that kind of hackery though, because the normal >> update channels are quick enough, IMHO. >> >> Best regards, >> Peter >> >> _______________________________________________ >> nix-dev mailing list >> [email protected] >> http://lists.science.uu.nl/mailman/listinfo/nix-dev > > > > > -- > www.debian.org - The Universal Operating System > > _______________________________________________ > nix-dev mailing list > [email protected] > http://lists.science.uu.nl/mailman/listinfo/nix-dev > _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
