
It was discussed in the Debian mailing list long ago, when Nix was not so polished [1].

Honestly, I think it's a migration really worth it. Nix (and Guix) are quite mature now. The advantages they bring to the table are massive.

The whole Debian ecosystem would become a lot more integrated and robust. It would be possible to develop packages at their own pace, without having to keep all dependencies in sync with the whole package tree. Besides, no more dist-upgrade breaking your whole system. It would look a lot like a rolling release, but with none of its disadvantages.

It would also be possible to turn all Debian flavours into little declarative Nix blurbs. There are countless advantages.

[1] https://lists.debian.org/debian-devel/2013/02/msg00374.html



I think the risk of some software being kept on libraries that are many versions old and full of security issues is pretty significant, because the major impetus to force an upgrade has gone away, that is, it won't even function without updating.


Should this issue be addressed at a technical level or a policy level? No matter how they manage the distro, some stuff is going to come down to policy and process. To me it seems like the sort of thing that should be handled with package audits.


The solution might be to keep nix for system software only and have third-party developers deploy snaps or flatpaks. Auditing package dependencies against a list of invalidated hashes should be easy enough.
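The audit suggested in the comment above, as an added example that is not part of the thread: given the closure of a system or package (the output of `nix-store --query --requisites <path>`, one store path per line), flag every store path whose hash component appears in a denylist of invalidated builds, and also report libraries that are present in more than one version in the same closure, which is the stale-library risk raised earlier in the thread. The sample closure, the denylist entries and their reasons are constructed for illustration; the only real detail assumed is the `/nix/store/<32-char-hash>-<name>-<version>` path layout.

```python
"""Audit a Nix closure against a denylist of store-path hashes.

Added example, not code from the thread. Input is the text produced by
`nix-store --query --requisites <path>`; the sample closure and the
denylist below are constructed, not real builds.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Nix store paths: /nix/store/<32 chars of Nix base-32>-<name>[-<version>].
# Nix's base-32 alphabet omits e, o, t and u.
STORE_PATH_RE = re.compile(
    r"^/nix/store/(?P<hash>[0-9a-df-np-sv-z]{32})-(?P<name>.+)$"
)

# Constructed sample closure: four store paths, two of them openssl.
SAMPLE_CLOSURE = """
/nix/store/0123456789abcdfghijklmnpqrsvwxyz-glibc-2.31
/nix/store/abcdfghijklmnpqrsvwxyz0123456789-openssl-1.0.2u
/nix/store/9876543210zyxwvsrqpnmlkjihgfdcba-openssl-1.1.1w
/nix/store/zyxwvsrqpnmlkjihgfdcba9876543210-myapp-1.0
"""

# Constructed denylist: hash of a build -> reason it was invalidated.
DENYLIST: Dict[str, str] = {
    "abcdfghijklmnpqrsvwxyz0123456789": "constructed entry: superseded by a patched build",
}


def parse_store_path(path: str) -> Tuple[str, str]:
    """Return (hash, name) for a store path; raise ValueError if malformed."""
    m = STORE_PATH_RE.match(path.strip())
    if not m:
        raise ValueError(f"not a Nix store path: {path!r}")
    return m.group("hash"), m.group("name")


def split_name_version(name: str) -> Tuple[str, str]:
    """Split 'openssl-1.0.2u' into ('openssl', '1.0.2u'); version may be ''."""
    parts = re.split(r"-(?=\d)", name, maxsplit=1)
    return (parts[0], parts[1]) if len(parts) == 2 else (parts[0], "")


def audit_closure(requisites: str, denylist: Dict[str, str]) -> List[dict]:
    """One finding per store path whose hash is on the denylist."""
    findings = []
    for line in requisites.splitlines():
        if not line.strip():
            continue
        h, name = parse_store_path(line)
        if h in denylist:
            findings.append({"path": line.strip(), "name": name, "reason": denylist[h]})
    return findings


def multiple_versions(requisites: str) -> Dict[str, List[str]]:
    """Package names that occur in more than one version, with sorted versions."""
    versions = defaultdict(set)
    for line in requisites.splitlines():
        if not line.strip():
            continue
        _, name = parse_store_path(line)
        base, version = split_name_version(name)
        versions[base].add(version)
    return {base: sorted(v) for base, v in versions.items() if len(v) > 1}


if __name__ == "__main__":
    for finding in audit_closure(SAMPLE_CLOSURE, DENYLIST):
        print(f"DENYLISTED {finding['path']}: {finding['reason']}")
    for base, vs in multiple_versions(SAMPLE_CLOSURE).items():
        print(f"MULTIPLE VERSIONS {base}: {', '.join(vs)}")
```

To run this against a real closure, replace `SAMPLE_CLOSURE` with the captured output of `nix-store --query --requisites` for the path being audited; the denylist is whatever hashes the distribution's security process has invalidated. Matching on the store hash rather than the name catches a bad build even when it was re-exported under a different name, while the multiple-versions report surfaces the situation where an old library survives only because nothing forces its dependants to rebuild.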



