Guix Gets Grafts: Timely Delivery of Security Updates
paroneayea writes: GNU Guix, the functional package manager (and with GuixSD, distribution) got a nice feature yesterday: timely delivery of security updates with grafts. Guix's new grafts feature recursively produces re-linked packages as dependencies without waiting for all to compile when a time-sensitive security upgrade is an issue. This came just in time for this week's OpenSSL security issues, and has been successfully tested by the community. It worked so well that it was able to reproduce the ABI break issue that other traditional distributions experienced also!
The news seems to be something like this:
- GNU has a package manager. Didn't know that.
- The package manager is functional in many ways.
- Because it's functional in many ways, it also sucks in some ways.
- They managed to reduce the suckage, which is good for them.
What would be news for me is something like this:
- Why do I care?
It's a relatively new thing (2012) so I'm guessing most haven't heard of it. The GNU folks took an existing package manager, Nix, and modified it to use Guile Scheme instead of Nix's own language for describing functions (packages). You're right that it's functional (in the functional programming sense), which gives it its own set of pros and cons compared to traditional package managers.
As for why you might care, this comment on SN briefly covers what it means to be a functional package manager, including some of the pros and cons of it. It's about Nix, not Guix, but since Guix is based on Nix the information should apply equally to both. It's kind of long so I don't want to copy/paste the whole thing here, but it focuses heavily on the "why should I care?" aspect so it's worth a read if you're seriously curious about what's interesting about Guix or Nix.
Not mentioned in the writeup is that, because they're so new, documentation can be difficult to come by and it's all command line. Might be a mood killer for some, but I've found it worth the trouble so far.