<ekleog>
maintainer-ping for merge of https://github.com/NixOS/nixpkgs/pull/47273 :) (btw, samueldr, it'd be great if in your guidelines for backporting you included a section about whether updates to software where upstream supports only the latest version and said latest version has a major bump once a month should be backported or not, and if (likely?) not, how to deal with backporting security fixes when
<ekleog>
manpower is just not present to actually backport the patch -- same problem as with other software, but much more present, as about all security fixes become need-to-backport security fixes with this release model)
<samueldr>
yeah, there's definitely a blurriness along those lines; it probably will need some arbitrary rules; something like a points-based system where points are attributed depending on misc. arbitrary but specific and unarguable(?) criteria
<samueldr>
e.g. services (like spotify) where a client update is required to access the third-party servers get X points
<samueldr>
no good source of security updates
<samueldr>
I guess a whole book could be written on the subject :)
<samueldr>
one of the criteria I had in mind (minutes ago) was: handles third-party content (security concerns with badly formatted content), but who am I kidding? a good chunk of software these days is made to "open stuff", so they'd all match
<ekleog>
for security point attribution, you can use the CVSS score (just have to define whether to take v2, v3 or a combination of both)
<samueldr>
and backporting means more than simply thinking about "security"; e.g. the spotify example, where the software requires an update to use the service: even if security is fine, the software could be useless :/
<samueldr>
it's more of a "if we don't backport, what kind of inconveniences would an end-user face?"
<ekleog>
indeed, usability is another factor that could make points increase
<samueldr>
which is a balancing act, if a number of smaller updates are skipped due to there being no security issues, do we make the large jump at the first security issue?
<ekleog>
I guess the problem is also along the lines of “how many points should it take to make a patch/minor/major update?”, then (as well as whether Y in 0.Y.Z should be considered as major or minor)
<samueldr>
^ and that is only about right if the software follows semver properly :/
<ekleog>
well, yeah, but I think we can assume that because otherwise it'd become impossible to write guidelines, wouldn't it? ^^
<samueldr>
or that we need to take it into consideration and write it without any versioning consideration to reduce rules lawyering
<ekleog>
hmm so it would need to count negative points for changelog items?
<ekleog>
I mean, having a clear system to know whether or not to backport something would be a good thing IMO, even if it ends up in a somehow rigid system at least the “the rules say X” would be uncontroversial -- and the rules could be adjusted later on :)
<ekleog>
what happened in practice with synapse was no update, and then a big update when a security issue came in
<samueldr>
(I'm thinking about one specific thing I maintain which increments their version number haphazardly, so version number shouldn't be part of the rules, but could be used as an initial flag)
<samueldr>
^ [12:19:06] <samueldr> which is a balancing act, if a number of smaller updates are skipped due to there being no security issues, do we make the large jump at the first security issue?
<samueldr>
mirroring my thoughts :)
<ekleog>
hmm, so counting negative points for changelog items indeed? :) something like “a user-facing change makes -X points, an API-facing change for rarely-used stuff -Y, and an API-facing change for often-used stuff -Z”?
<samueldr>
"software is a dependency / isn't a dependency" comes in like a dog in a bowling game :/
<ekleog>
yeah indeed
<ekleog>
and then whether bugfixes should be positive or negative points is hard too
<ekleog>
multiply Y and Z by (1 + number of dependencies in nixpkgs)? :°
haslersn has joined #nixos-dev
* ekleog
tossing things into a cauldron and seeing what sticks
<ekleog>
… anyway, more than time to sleep here, thank you for the discussion, and good night!
<haslersn>
samueldr: Ah I found my initial mistake. I had the name empty which apparently isn't allowed
<samueldr>
:)
<haslersn>
Thanks for your help. The error message was: "error: illegal name: '.drv'". It would be nice if it's something like "error: derivations mustn't have an empty name". Where is the right place to suggest such a minor change?
shreyansh_k has left #nixos-dev ["Konversation terminated!"]
aszlig has quit [Quit: Kerneling down for reboot NOW.]
aszlig has joined #nixos-dev
haslersn has quit [Ping timeout: 256 seconds]
<gchristensen>
`nix build`'s low amount of output feels so much more boring :)
<domenkozar>
I always stare at it, having fun deciphering glyphs
<gchristensen>
that is another thing, I'm not entirely sure what all the numbers mean
<domenkozar>
I feel like I'm looking at a 10-dimensional graph without labels
<gchristensen>
the download progress part -- really really good
<sphalerite>
lol
<sphalerite>
it's one of those binumeratorial fractions, never heard of those? ;)
<sphalerite>
in progress/done/total to do
<LnL>
isn't it building/done/total
<domenkozar>
lol
<LnL>
or is that what you mean with progress
<sphalerite>
yes
<sphalerite>
well the thing is there are two of those fractions often
<sphalerite>
[building/done building/total to build, copying/done copying/total to copy "copied"]
<LnL>
oh, you also get that when copying stuff?
<sphalerite>
nix build --argstr system i686-linux nixpkgs.rocksndiamonds
<sphalerite>
it'll build some bits and copy some bits from cache.nixos.org, displaying two fractionoids
<sphalerite>
(still don't know what to call them :D )
orivej has joined #nixos-dev
lopsided98 has quit [Quit: Disconnected]
sir_guy_carleton has joined #nixos-dev
lopsided98 has joined #nixos-dev
lopsided98 has quit [Quit: Disconnected]
lopsided98 has joined #nixos-dev
orivej has quit [Ping timeout: 252 seconds]
worldofpeace has joined #nixos-dev
worldofpeace has left #nixos-dev [#nixos-dev]
sir_guy_carleton has quit [Quit: WeeChat 2.0]
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-dev
jtojnar has quit [Read error: Connection reset by peer]
ma27 has quit [Quit: WeeChat 2.2]
sir_guy_carleton has joined #nixos-dev
ma27 has joined #nixos-dev
goibhniu has quit [Ping timeout: 264 seconds]
page_ has joined #nixos-dev
page has quit [*.net *.split]
WilliButz has quit [*.net *.split]
LnL has quit [*.net *.split]
LnL has joined #nixos-dev
phreedom has quit [Remote host closed the connection]
phreedom has joined #nixos-dev
<samueldr>
it is surprising to me that symlink resolution is done locally, when nix-copy-closure --from $someotherhost
<samueldr>
nix-copy-closure --from bart.local /run/current-system # error: path '/nix/store/...-nixos-system-localhost-... is not valid'
<gchristensen>
I really wish I hadn't mucked up the aarch64 builder :')
<samueldr>
still having issues?
jtojnar has joined #nixos-dev
<gchristensen>
yeah. I locked myself out by breaking the networking, and not having an account with a password ... plus a lack of inventory at Packet to replace it and a bug in the reinstall process.
<gchristensen>
in other words, a great confluence of things adding up to ... this
<samueldr>
though, is it still up? or is hydra still a mystery to me?
<samueldr>
I don't see jobs piling up, and in /machines packet-t2a-1 is idle?