Thank you so much! I've been running a staging server on this branch for a few weeks and all of the issues I had were addressed in your branch before I had time to flag them.
This is really fantastic work not just for my servers but also for my ability to argue that NixOS has a story for security. Lastly I also think that it's an amazing testament to the leverage Nix provides that a small group of dedicated people can harden so many packages with a few months of work (not downplaying the work involved!).

~

On 22 August 2016 at 12:31, Franz Pletz <[email protected]> wrote:
> Hi,
>
> yesterday the hardening-stdenv branch was merged to staging and is
> slated to hit master soon. Here is the pull request with lots of
> comments: https://github.com/NixOS/nixpkgs/pull/12895
>
> This is work that globin and I did for the last 6 months. We have
> been running that branch on our laptops and on production servers for
> months now and fixed many compilation and runtime errors in the
> process. We think it is ready now and should be included in the upcoming
> 16.09 release.
>
> For background information and how to fix your packages if they fail
> now (i.e. runtime errors we didn't catch), we have written documentation
> that is available in the nixpkgs manual:
>
> https://hydra.nixos.org/build/38504599/download/1/nixpkgs/manual.html#sec-hardening-in-nixpkgs
>
> If you package new software and encounter unexpected compiler errors,
> chances are you hit some problem with a hardening flag. In the manual
> you will find the compiler errors we have encountered most of the time
> for every hardening flag.
>
> Should you encounter problems or have any other issues with the
> hardening flags, please open an issue in the nixpkgs repo and ping
> @globin and @fpletz. We have to fix those before 16.09. ;)
>
> Cheers,
> Franz
>
> _______________________________________________
> nix-dev mailing list
> [email protected]
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
