On 12 April 2015 at 11:57, Nicolas Pierron <[email protected]> wrote:
> On Sun, Apr 12, 2015 at 7:45 PM, James Cook <[email protected]> wrote:
>>>> Side questions:
>>>> - Why does stdenv.mkDerivation need to be clever? Why not just blindly
>>>> apply all the fixes to every package?
>>>
>>> The substitution is not as simple as doing a "mapAttrs", as this would
>>> lead to infinite loops, and would imply that you have to download all
>>> the binary versions of the fixed packages.
>>
>> I don't understand the infinite loop part. Don't we want something
>> like the following?
>>
>> pkgs.wget = applyFixesFrom fixes pkgsBeforeFixes.wget
>> pkgs.foobar = applyFixesFrom fixes pkgsBeforeFixes.foobar
>> ...
>
> No, we don't want something which is independent of the dependencies.
> And, in your previous expression, if pkgsBeforeFixes.wget depends on a
> library which itself depends on a vulnerable library, then we want
> this one to be fixed as well.
>
> Because of the previous reason, making the transformation independent
> would imply that all packages would have to be built, which is exactly
> what we want to avoid as this is either not working / time consuming
> (otherwise hydra would have done it).

Right, that makes sense. Thanks for the explanation.

James
