On 06/02/2017 06:54 PM, Frank wrote: > Op 1-6-2017 om 23:32 schreef Leo Gaspard: >> Hi all, >> >> I just wanted to point out an issue with hydra: it doesn't make any >> distinction between security updates and normal changes. > > Why is this an issue? Security-updates are just as likely to introduce > bugs as every other update.
If I have to choose between having a security vulnerability and having some installer tests that don't build (as these seem to be the source of most test failures)... I know what I'd rather have (especially given install images aren't generated from every commit of nixpkgs), don't you think? If the only change is a security patch as released by the vendor, I think it may even be worth it to short-circuit all the tests in some cases, as a flawed system is (in my mind at least) strictly worse than a buggy system (except if the buggy system is rm -Rf /* ; but well, that kind of security patch wouldn't live a second on oss-security)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl https://mailman.science.uu.nl/mailman/listinfo/nix-dev