I’ve been thinking about a couple of suggestions for flakes, and so wanted to discuss them.
- Add a way to suggest substituters and public keys that improve cache hitrate for the given flake. Then add a Nix mechanism for somehow elevating permissions (via polkit?) if the user approves of those suggestions. This should improve the desktop experience of using flakes, if we ever come to a point where much software is packaged as separate flakes rather than in a centralized nixpkgs. Although I do agree that it is a potential safety issue, I think it is as much of a safety issue as installing from third-party repositories on traditional distributions.
- Add a way to specify the registry from which to resolve implicit flake inputs on
nix flake updateor
--update-input. This should improve the situation for organizations that maintain many flakes with similar/common inputs.
- Resolve flake inputs differently when creating a lockfile: download the direct dependencies, and if those dependencies have a lockfile, just take the values from there rather than downloading the entire tree.
If there is any interest in any of those improvements, I might try to implement a PoC for them and then help with writing the new RFC to include those features.