Nix Developers don't care about security
"[...] security is not a priority here. Feel free to try to improve security in Nix world, but you are better off with Guix. They even don't trust compilers w/o bootstrapping from the source option :)"
-Nix Dev
Search for Nix on this page:
@amnesia the only thing about nix there is that stupid curl|sh line, which isn't really worth mentioning
@newt
The key takeaway is what the developer said about how they don't prioritize security in the distro, which is a big deal imo
@amnesia isn't that sarcasm regarding that line? I'd honestly assume so.
@newt
I don't think so
QubesOS is focused on hardline security via isolation. There is a difference between that kind of security, and general good security practices any Linux distribution should follow
@amnesia
Such as chroot'ing the services/daemons accepting external connections (sandboxing)?
AFAIK, #Nix does provide some of that functionality, but I haven't checked.
And there are plenty of "hardening" features enabled by default (which you sometimes have to disable to make a package build).
Honestly, infosec is not my area of interest: I value reliability much more than security, and consider the unintentional issues much more of a problem than the intentional.
@newt
@newt @amnesia fwiw this isn't true. We do care about security and take great care to do this properly. Kmicu doesn't represent the Nix team's position on security. If you want to validate it before execution, it is right here: https://screenshotscdn.firefoxusercontent.com/images/40244377-1154-45f0-948b-a459a77c3a19.png
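The "validate it before execution" point above, as an added example (not code from the thread or from the Nix project): rather than piping `curl` straight into `sh`, save the installer to a file, compare its SHA-256 against a digest obtained out of band (the project's download page, or a detached signature if one is published), and only execute it when the digest matches. The download URL in the comment is an assumption; the "installer" is a constructed stand-in so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the thread or the Nix project.
# Replaces `curl ... | sh` with fetch -> verify -> run.
# The URL in the comment below is an assumption; the installer is constructed.
set -eu

# SHA-256 of a file, portable across GNU coreutils and BSD userlands.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_then_run FILE EXPECTED_SHA256
# Runs FILE with sh only if its digest equals EXPECTED_SHA256;
# otherwise prints a refusal to stderr, returns 1 and executes nothing.
verify_then_run() {
    file=$1
    expected=$2
    actual=$(file_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual != $expected" >&2
        return 1
    fi
    sh "$file"
}

# Constructed stand-in for the downloaded installer so this runs offline.
# In real use the file would come from something like (assumed URL):
#   curl -fsSL -o install-nix https://nixos.org/nix/install
make_sample_installer() {
    printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$1"
}

# Demo: the pinned digest would normally be copied from the project's
# download page; here it is computed from the constructed file, and a
# deliberately wrong digest shows the refusal path.
tmp=$(mktemp)
make_sample_installer "$tmp"
pinned=$(file_sha256 "$tmp")
verify_then_run "$tmp" "$pinned"
! verify_then_run "$tmp" "0000000000000000000000000000000000000000000000000000000000000000"
rm -f "$tmp"
```

The digest check only proves you ran the bytes you inspected; it does not prove the server sent the right bytes in the first place, so the pinned value must come from somewhere other than the same download, such as a signed release note or a detached signature checked with `gpg --verify`.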
@amnesia i'd try, but...