Re: [Nix-dev] Hydra and security updates

On 17-06-04 12:35am, Nicolas Pierron wrote: > So currently, this project is held by a dead-lock between people > asking me to demonstrate a large scale example, and having the > infrastructure to doing so. I think most of the lockup stems from people not really knowing what your framework means

Re: [Nix-dev] Hydra and security updates

On Sun, Jun 4, 2017 at 1:17 AM, Bjørn Forsman wrote: > On 4 June 2017 at 00:35, Nicolas Pierron wrote: >> So I started SOS [1] to make Nixpkgs more >> declarative. Thus removing some of the function overhead from >> packages, which would help

Re: [Nix-dev] Hydra and security updates

On 4 June 2017 at 00:35, Nicolas Pierron wrote: > So I started SOS [1] to make Nixpkgs more > declarative. Thus removing some of the function overhead from > packages, which would help fixing a lot of the issues reported by the > static-analysis. I think you forgot

Re: [Nix-dev] Hydra and security updates

On Sat, Jun 3, 2017 at 1:26 PM, Graham Christensen wrote: > This is part of my inclination of not really loving PR#10851, it is > complicated and goes around the normal proceses, even when we can easily > deploy fairly quickly. The problem that I have with the current

Re: [Nix-dev] Hydra and security updates

On Sat, Jun 3, 2017 at 12:54 AM, Leo Gaspard wrote: > On 06/02/2017 12:05 PM, Domen Kožar wrote: >>> I see two ways of doing this: either having hydra somehow handle with >>> special care security updates (hard to do) >> >> https://github.com/NixOS/nixpkgs/pull/10851 > > This

Re: [Nix-dev] Hydra and security updates

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Leo Gaspard writes: > I just wanted to point out an issue with hydra: it doesn't make any > distinction between security updates and normal changes. > > For example, [1] was released two days ago. Despite the fix landing two >

Re: [Nix-dev] Hydra and security updates

So, the assumption is: "security updates hardly should break stuff, so we can apply them without tests" And desire is: "don't publish untested changes to channel" This clearly leads to necessity of two channels, just as described in

Re: [Nix-dev] Hydra and security updates

On 06/03/2017 01:55 AM, Frank wrote: > Op 3-6-2017 om 0:59 schreef Leo Gaspard: >> On 06/02/2017 06:54 PM, Frank wrote: >>> Op 1-6-2017 om 23:32 schreef Leo Gaspard: Hi all, I just wanted to point out an issue with hydra: it doesn't make any distinction between security updates

Re: [Nix-dev] Hydra and security updates

Op 3-6-2017 om 0:59 schreef Leo Gaspard: On 06/02/2017 06:54 PM, Frank wrote: Op 1-6-2017 om 23:32 schreef Leo Gaspard: Hi all, I just wanted to point out an issue with hydra: it doesn't make any distinction between security updates and normal changes. Why is this an issue? Security-updates

Re: [Nix-dev] Hydra and security updates

On 06/02/2017 12:05 PM, Domen Kožar wrote: >> I see two ways of doing this: either having hydra somehow handle with >> special care security updates (hard to do) > > https://github.com/NixOS/nixpkgs/pull/10851 This looks great! Unfortunately, it doesn't appear to be close to merging (esp. as it

Re: [Nix-dev] Hydra and security updates

Op 1-6-2017 om 23:32 schreef Leo Gaspard: Hi all, I just wanted to point out an issue with hydra: it doesn't make any distinction between security updates and normal changes. Why is this an issue? Security-updates are just as likely to introduce bugs as every other update. Greetings,

Re: [Nix-dev] Hydra and security updates

> I see two ways of doing this: either having hydra somehow handle with > special care security updates (hard to do) https://github.com/NixOS/nixpkgs/pull/10851 > , or having master and stable branches *always* build. For that we'd need to have infrastructure that builds PRs and reports status

Re: [Nix-dev] Hydra and security updates

On Thu, Jun 1, 2017, at 23:32, Leo Gaspard wrote: > Hi all, > > [ ... ] I think this is relevant to your interests: https://github.com/NixOS/nixpkgs/pull/10851 On a side note, I don't know why anybody would actually run nixos-unstable; it gets stuck for long periods of time quite often ... I