The page https://nixos.org/wiki/Security_Updates isn't very user friendly.
It requires too much of the user (treats servers like pets and not like
cattle):
1. Monitor package vulnerabilities.
2. Manually override the packages that have vulnerabilities. Rebuild.
3. Manually remove the override
On 04/11/2015 01:13 AM, Roger Qiu wrote:
The page https://nixos.org/wiki/Security_Updates isn't very user
friendly. It requires too much of the user (treats servers like pets and
not like cattle):
1. Monitor package vulnerabilities.
2. Manually override the packages that have vulnerabilities.
On 12 April 2015 at 11:57, Nicolas Pierron nicolas.b.pier...@gmail.com wrote:
On Sun, Apr 12, 2015 at 7:45 PM, James Cook james.c...@utoronto.ca wrote:
Side questions:
- Why does stdenv.mkDerivation need to be clever? Why not just blindly
apply all the fixes to every package?
The
On 10 April 2015 at 14:16, Nicolas Pierron nicolas.b.pier...@gmail.com wrote:
Hi,
On Fri, Apr 10, 2015 at 7:12 PM, CodeHero codeh...@nerdpol.ch wrote:
So, after this huge update delay for nixos-unstable I think we should
talk about improving the way security updates are handled. One can
Dependency replacement has me pretty confused. If someone will indulge
me, I want to make sure I understand the above point, or at least how
replace-dependency.nix works (assuming that's what you're talking
about).
First of all, am I correct in assuming that replace-dependency.nix
works by
On Sun, Apr 12, 2015 at 7:45 PM, James Cook james.c...@utoronto.ca wrote:
Side questions:
- Why does stdenv.mkDerivation need to be clever? Why not just blindly
apply all the fixes to every package?
The substitution is not as simple as doing a mapAttrs, as this would
lead to infinite loops,
On Sat, Apr 11, 2015 at 12:57 AM Jonathan Glines auntie...@gmail.com
wrote:
2015/04/10 15:54 Bjørn Forsman bjorn.fors...@gmail.com:
On 10 April 2015 at 23:35, Jonathan Glines auntie...@gmail.com wrote:
[...]
I think it would be useful to have a bump bot for nixpkgs that could
scan
Hi,
On 10 Apr 2015, at 21:40, Domen Kožar do...@dev.si wrote:
This is extremely important for companies. It's why Gentoo has failed so bad
in any commercial environment.
I agree in general, but would like to make a specific annotation: I like the
Gentoo security update model _a lot_ more
On Fri, Apr 10, 2015 at 3:49 PM, Christian Theune c...@flyingcircus.io
wrote:
Hi,
On 10 Apr 2015, at 21:40, Domen Kožar do...@dev.si wrote:
This is extremely important for companies. It's why Gentoo has failed so
bad in any commercial environment.
I agree in general, but would like to
Hi,
On 10 Apr 2015, at 21:52, Domen Kožar do...@dev.si wrote:
Yup - which translates to: if you're using Gentoo you're rolling your own
security updates. That's why the adoption is really low.
Right. Obviously I’d like to eat my cake and have it. My gain is a
support-horizon for a
On Fri, Apr 10, 2015 at 4:03 PM, Christian Theune c...@flyingcircus.io
wrote:
Hi,
On 10 Apr 2015, at 21:52, Domen Kožar do...@dev.si wrote:
Yup - which translates to: if you're using Gentoo you're rolling your own
security updates. That's why the adoption is really low.
Right. Obviously
On 10 Apr 2015, at 22:07, Domen Kožar do...@dev.si wrote:
I can fully agree - which basically translates to: once enough companies we
using Nix we can sit down and write this up :)
Can’t follow you here. Write what up?
I’m not decided whether more tooling/automation for monitoring
On Fri, Apr 10, 2015 at 4:09 PM, Christian Theune c...@flyingcircus.io
wrote:
On 10 Apr 2015, at 22:07, Domen Kožar do...@dev.si wrote:
I can fully agree - which basically translates to: once enough companies
we using Nix we can sit down and write this up :)
Can’t follow you here. Write
So the next level on discussion from there would be: what kind of tooling
do people expect and what workflow should they support?
Is there anything in people's heads already? Is that something that I just
missed by being late to the game and the “work just needs to be done”? Or
are we at
Hi,
On Fri, Apr 10, 2015 at 7:12 PM, CodeHero codeh...@nerdpol.ch wrote:
So, after this huge update delay for nixos-unstable I think we should
talk about improving the way security updates are handled. One can
currently install security upgrades by using the instructions on this
page
2015-04-10 14:20 GMT-06:00 Christian Theune c...@flyingcircus.io:
Hi,
On 10 Apr 2015, at 22:16, Domen Kožar do...@dev.si wrote:
That's what I meant - sitting down together (sprints!) and writing those
tools to help us automate security vulns monitoring for Nix.
So the next level on
On 10 April 2015 at 23:35, Jonathan Glines auntie...@gmail.com wrote:
[...]
I think it would be useful to have a bump bot for nixpkgs that could
scan meta data and catalog exactly which packages are out of date. The
bot would pull data from multiple sources (package mirrors, other
distros,
This Bump bot could open PRs on GitHub (I know, even more PRs...), it's the
best place to be sure a person looks at it.
It might make sense to start writing down our ideas into a Google Doc?
N.
On Fri, Apr 10, 2015 at 11:36 PM Jonathan Glines auntie...@gmail.com
wrote:
2015-04-10 14:20
2015/04/10 15:54 Bjørn Forsman bjorn.fors...@gmail.com:
On 10 April 2015 at 23:35, Jonathan Glines auntie...@gmail.com wrote:
[...]
I think it would be useful to have a bump bot for nixpkgs that could
scan meta data and catalog exactly which packages are out of date. The
bot would pull