Nix Developers don't care about security
"[...] security is not a priority here. Feel free to try to improve security in Nix world, but you are better off with Guix. They even don’t trust compilers w/o bootstrapping from the source option :)"
-Nix Dev
Search for Nix on this page:
@amnesia i'd try, but...
@amnesia the only thing about nix there is that stupid curl|sh line, which isn't really worth mentioning
@newt
The key takeaway is what the developer said about how they don't prioritize security in the distro, which is a big deal imo
@amnesia isn't that sarcasm regarding that line? I'd honestly assume so.
@newt
I don't think so
@amnesia
Such as chroot'ing the services/daemons accepting external connections (sandboxing)?
AFAIK, #Nix does provide some of that functionality, but I haven't checked.
And there is plenty of "hardening" features enabled by default (which you sometimes have to disable to make a package build).
Honestly, infosec is not my area of interest: I value reliability much more than security, and consider the unintentional issues much more of a problem than the intentional.
@newt