| 15 Nov 2024 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | In reply to @emilazy:matrix.org which comment? The comment you are linking to | 11:17:38 |
emily | oh, "No other distro"? | 11:17:48 |
emily | does openSUSE rebuild every downstream package for a one-byte security fix patch in OpenSSL that doesn't affect the headers or ABI? | 11:18:13 |
p14 | Just because other distros may pay the cost doesn't mean nixpkgs must also. | 11:18:36 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | In reply to @p14:matrix.org Just because other distros may pay the cost doesn't mean nixpkgs must also. Don't get me wrong; I mean it's not something specific to Nixpkgs or Guix | 11:19:12 |
emily | the world rebuilds are generally more gradual with other distros, AIUI | 11:20:18 |
emily | involving manual pkgrel bumps etc. | 11:20:25 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | In reply to @emilazy:matrix.org does openSUSE rebuild every downstream package for a one-byte security fix patch in OpenSSL that doesn't affect the headers or ABI? I'm not sure if they added an automated function reference table or something similar when using the open build service. This process may be done manually, but based on my past experience with OBS, it should not be automatic | 11:20:49 |
p14 | Can we come back to what it would take to actually try and start implementing this? Is there a prototype repo or effort to try some of these ideas somewhere? | 11:21:08 |
emily | openSUSE is just like us (crazy rebuilds, fancy automated QA service) | 11:21:09 |
emily | In reply to @p14:matrix.org Can we come back to what it would take to actually try and start implementing this? Is there a prototype repo or effort to try some of these ideas somewhere? it's in my head :) | 11:21:20 |
p14 | Want to collaborate and try and prove it can be done? :) | 11:21:33 |
p14 | I would try and use it and break it. | 11:21:49 |
p14 | (and fix it) | 11:21:57 |
emily | here's the sketch: for every derivation producing a shared library, you want to use llvm-ifs to generate stubs from the libraries. you put those in dev, say | 11:22:08 |
p14 | Makes sense. | 11:22:17 |
emily | downstream derivations do not consume the library output at build time. they consume dev exclusively | 11:22:23 |
emily | and dev is ca-derivations | 11:22:32 |
emily | (can you have only some outputs be CA? probably not. so it's a pain with Nix already) | 11:22:39 |