On Sat, Jun 3, 2017 at 12:54 AM, Leo Gaspard <[email protected]> wrote:
> On 06/02/2017 12:05 PM, Domen Kožar wrote:
>>> I see two ways of doing this: either having hydra somehow handle with
>>> special care security updates (hard to do)
>>
>> https://github.com/NixOS/nixpkgs/pull/10851
>
> This looks great!
>
> Unfortunately, it doesn't appear to be close to merging (esp. as it has
> merge conflicts), so I guess that's the best solution that isn't coming
> up right now? So having master and stable always build may be a current
> path forward, not yet as good as this PR but a good stop-gap.

I started a branch at the end of last year, which includes these changes
and rebased them on top of the latest master, but I gave up as I did not
get any feedback for getting any Hydra infrastructure in place to make
use of this feature in a testing branch.

Having Hydra infra in place would be among the next steps to demonstrate
the usefulness of this approach, and convince more people to help fix
the static-analysis reports.

So currently, this project is held up by a deadlock between people asking
me to demonstrate a large-scale example, and having the infrastructure
to do so.

Most of the time, unpatched dependencies from PR#10851 come from the
fact that dependencies are resolved by functions themselves taken from
older generations of the fix-point, breaking the hypothesis on which
PR#10851 is based.

So I started SOS [1] to make Nixpkgs more declarative, thus removing
some of the function overhead from packages, which would help fix a
lot of the issues reported by the static-analysis.

-- 
Nicolas Pierron
http://www.linkedin.com/in/nicolasbpierron - http://nbp.name/
