On 08/31/2014 11:40 PM, Chris Double wrote:
This seems a great policy when there are people backporting security fixes to older versions of software. I don't believe this is the case for NixOS.
That is a misunderstanding. The main purpose of the stable YY.MM branches *is* to apply security backports, especially for the more important packages, such as kernel, glibc, etc. In case the upstream doesn't provide them, we just take patches from distros that do the backporting ;-)
Safe bugfix-only updates are also suitable for stable branch, although AFAIK we currently apply only small part of non-security suitable updates from master. Perhaps it's even better to be conservative.
Vladimir
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev