Skip to content

Instantly share code, notes, and snippets.

@grahamc

grahamc/xLICENSE Secret

Last active Nov 11, 2021
Embed
What would you like to do?

See this comment for the latest version: https://gist.github.com/grahamc/c60578c6e6928043d29a427361634df6#gistcomment-3959489


What to backport:

  • Security patches which aren't major updates
  • If a security patch is a major upgrade, try and find patches to our current version which accomplish the same goal. Apply the major update to master, and the patches to stable.
  • Bug fixes to applications which, again, aren't major updates. Generally be cautious about these.
  • Any updates when the current stable version is utterly broken. A key example of this is Spotify, who regularly breaks their old versions.
  • Extremely security-sensitive software, in particular Chrome, Chromium, Firefox, Thunderbird, and of course the kernel.

Don't backport if ...

  • the patch is just for Darwin, they use nixpkgs-unstable not a stable branch.

What is staging?

Staging exists to "pre-build" very large and sensitive changes. This is especially important for contributors, where trying to test a simple change may mean they have to build hundreds of packages in order to test it.

Staging can also be used to test big upgrades like coreutils, or a gcc major version bump, where it may create lots of subsequently broken packages.

Which channel is right for me?

You probably want to use the current stable, ie: nixos-18.03.

nixos-18.03 comes from the release-18.03 branch on GitHub. It maintains some package version stability over its six-month life, providing better guarantees that your system will keep working without major changes for the life of the release.

The stable branch also gets timely security patches delivered through channels.

The channels beginning with the nixos- prefix are thoroughly tested from the perspective of being an operating system. This means we test the X server, KDE, various servers, and lower level details like installing bootloaders and runnning the nixos installation steps. This is in contrast to the nixpkgs- channel prefix, where only limited testing is performed.

If you want to live on the bleading edge, perhaps nixos-unstable is right for you. It very frequently receives patches and updates that make larger version jumps than the stable branch.

The unstable branch also regularly receives security patches, however sometimes it can take several weeks for security patches to end up in the channels, due to test being broken.

If you are only using Nix as a package manager, perhaps the nixpkgs-unstable branch is better for you. This channel is very frequently updated, but does not receive the thorough testing the NixOS channels receive. DO NOT USE THIS FOR NIXOS.

CC0 1.0 Universal
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator and
subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for the
purpose of contributing to a commons of creative, cultural and scientific
works ("Commons") that the public can reliably and without fear of later
claims of infringement build upon, modify, incorporate in other works, reuse
and redistribute as freely as possible in any form whatsoever and for any
purposes, including without limitation commercial purposes. These owners may
contribute to the Commons to promote the ideal of a free culture and the
further production of creative, cultural and scientific works, or to gain
reputation or greater distribution for their Work in part through the use and
efforts of others.
For these and/or other purposes and motivations, and without any expectation
of additional consideration or compensation, the person associating CC0 with a
Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
and publicly distribute the Work under its terms, with knowledge of his or her
Copyright and Related Rights in the Work and the meaning and intended legal
effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not limited
to, the following:
i. the right to reproduce, adapt, distribute, perform, display, communicate,
and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or likeness
depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data in
a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation thereof,
including any amended or successor version of such directive); and
vii. other similar, equivalent or corresponding rights throughout the world
based on applicable law or treaty, and any national implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention of,
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
and Related Rights and associated claims and causes of action, whether now
known or unknown (including existing as well as future claims and causes of
action), in the Work (i) in all territories worldwide, (ii) for the maximum
duration provided by applicable law or treaty (including future time
extensions), (iii) in any current or future medium and for any number of
copies, and (iv) for any purpose whatsoever, including without limitation
commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
the Waiver for the benefit of each member of the public at large and to the
detriment of Affirmer's heirs and successors, fully intending that such Waiver
shall not be subject to revocation, rescission, cancellation, termination, or
any other legal or equitable action to disrupt the quiet enjoyment of the Work
by the public as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason be
judged legally invalid or ineffective under applicable law, then the Waiver
shall be preserved to the maximum extent permitted taking into account
Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
is so judged Affirmer hereby grants to each affected person a royalty-free,
non transferable, non sublicensable, non exclusive, irrevocable and
unconditional license to exercise Affirmer's Copyright and Related Rights in
the Work (i) in all territories worldwide, (ii) for the maximum duration
provided by applicable law or treaty (including future time extensions), (iii)
in any current or future medium and for any number of copies, and (iv) for any
purpose whatsoever, including without limitation commercial, advertising or
promotional purposes (the "License"). The License shall be deemed effective as
of the date CC0 was applied by Affirmer to the Work. Should any part of the
License for any reason be judged legally invalid or ineffective under
applicable law, such partial invalidity or ineffectiveness shall not
invalidate the remainder of the License, and in such case Affirmer hereby
affirms that he or she will not (i) exercise any of his or her remaining
Copyright and Related Rights in the Work or (ii) assert any associated claims
and causes of action with respect to the Work, in either case contrary to
Affirmer's express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or warranties
of any kind concerning the Work, express, implied, statutory or otherwise,
including without limitation warranties of title, merchantability, fitness
for a particular purpose, non infringement, or the absence of latent or
other defects, accuracy, or the present or absence of errors, whether or not
discoverable, all to the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without limitation
any person's Copyright and Related Rights in the Work. Further, Affirmer
disclaims responsibility for obtaining any necessary consents, permissions
or other rights required for any use of the Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to this
CC0 or use of the Work.
For more information, please see
<http://creativecommons.org/publicdomain/zero/1.0/>
@grahamc
Copy link
Author

grahamc commented Jan 9, 2017

@vcunat can you make this proper docs? :)

@magnetophon
Copy link

magnetophon commented Jan 10, 2017

+1

@k0001
Copy link

k0001 commented Jan 10, 2017

Where it says

[Don't backport if...] the patch is just for Darwin, they use nixpkgs-unstable not a stable branch.

At times one pins the same NixOS release version to build stuff on Linux and Darwin. I know of this use case in a company where some people use Darwin in their local computers and some others use Linux, always following nixos-16.09, even if at end of the day everything gets deployed on top of Linux.

So.. backporting security updates for Darwin might make sense in cases like this one.

@grahamc
Copy link
Author

grahamc commented Feb 11, 2017

@vcunat would you like to docbook this?

@Anton-Latukha
Copy link

Anton-Latukha commented Dec 23, 2017

@grahamc

Since this gist gets used in the chatroom. Probably good also to mention in Which channel is right for me?:
https://howoldis.herokuapp.com/ link.
And also mentioning what are -small channels.

@turion
Copy link

turion commented Apr 2, 2018

Probably, we'd want 18.03 now?

@AriFordsham
Copy link

AriFordsham commented Jul 5, 2021

I understand there is nothing wrong with using nixos- channels on non-NixOS?

@samueldr
Copy link

samueldr commented Nov 11, 2021

I understand there is nothing wrong with using nixos- channels on non-NixOS?

Nothing wrong. The nixos- channels wait for ["NixOS specific test" "all linux packages tried to be built"] before advancing. The nixpkgs- channels wait for ["all darwin packages tried to be build" "all linux packages tried to be built" "some package tests"] before advancing. So unless you have a setup where you need macOS packages and Linux packages to be locked to the same versions, there is nothing wrong in preferring nixos- channels on non NixOS systems.

@samueldr
Copy link

samueldr commented Nov 11, 2021

Note

Up-to-date backporting guidelines are now in the CONTRIBUTING.md document.

(It may have been updated since this comment was written.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment