Current approach seems to be doing the job except notifying people when dependency is updated. Previously we had monitor to do some similar stuff, and I think vulnix can check that without much effort so I wouldn't worry about having duplicated packages for apps. I think focusing on improving CI process and security notifications process is the way to go.
Probably we could set another process/job in hydra to check all apps for security issues/updates. (I'm not sure if security team doesn't have that already). 2017-05-30 10:17 GMT+01:00 Marc Weber <[email protected]>: > Let met try to sum up what I remember: > > - There 3+ solutions to update "sources" documented on the wiki > somewhere - ideas from comparing versions with other distributions up > to adding scrapers getting latest version from web sites if I recall > correctly > > - Putting automatically generated code into nixpkgs doesn't solve all > issues, for corner cases you have to duplicate dependencies using > different version constraints. > > -> overhead > > - Its not always quite clear how stable the user wants to be > (gimp/inskscape) case, master sometimes has new features. > > So which versions to support ? > > - Whatever we do, we don't solve anything for other distros (which > suffer the same problem), unless we switch point of view: > > The solution would be a cross platform cross language dependency > management system allowing to declare dependencies in a file so that > you can even install from gihtub automatically. > > systemPackages = [ (fromGithub "user/package" "HEAD") ] # sort rest out > on your own, thanks > > package A could be working, package B could be working, but [A B] in the > same environment not (because they both depend on executable C) > > After all we want nixpkgs to be at least stable enough to have broken > packages marked as broken and expect everything else to at least > compile/install. > > Which are the best short/middle/long term solutions ? > > Marc Weber > _______________________________________________ > nix-dev mailing list > [email protected] > https://mailman.science.uu.nl/mailman/listinfo/nix-dev > -- Tomasz Czyż
_______________________________________________ nix-dev mailing list [email protected] https://mailman.science.uu.nl/mailman/listinfo/nix-dev
