Suggesting steam-run to NixOS users to run their downloaded binaries always triggers some interesting questions
License reasons aside, its closure size of ~4GB is not what I’d call an easy solution and absolutely nothing that scales well.
I don’t disagree.
I am pointing out some difficulties in keeping, say, Nixpkgs 18.05. What should we do?
Five years, two per year, it implies ten Git tags receiving cherry-picks. Being the largest repo in existence (100k packages according to Repology), it implies potentially 5k packages, or a swarm of 50k cherry-picks.
It looks like a huge amount of work.
I think the IT industry is still looking for a sustainable workflow that allows maintainable systems to use not so old software.
I’ve been thinking about the security side of things and I can imagine that if someone is to use NixOS in the company, maintaining their own packages is basically a must anyway.
So maybe instead of solving the security problem upstream (with a longer release cycle, etc.) it might make sense to push/polish tools like vulnerability scans more with the intent of enabling everyone to “track and patch packages themselves”. It’s quite easy to manage out-of-nixpkgs packages with patches and if build time becomes an issue I can imagine that a company cache is an early requirement anyway.
But then again, this would probably require quite a bit of a company investment and quite some trial/error. Plus some good security engineers. (looking pleadingly at those awesome companies already investing many resources into Nix)
I agree, a differently named package with a similar function would be a good idea.
Something like bin-run
Unsolicited grumbling that’s vaguely in agreement:
I ported my entire development environment to various nix* solutions (albeit running on Pop!_OS as a base), and I gave up + switched to linuxbrew because:
I don’t want to have to think about c++ dependencies / LD_* when pip installing numpy.
Most of the responses I’ve seen to these issues have been along the lines of “why would you want {use pip / have a global python installation with ipython and numpy}? Just use small nix environments for everything”. That’s just not gonna cut it for a lot of people (myself included).
I would argue that unless you are a tech company or otherwise have a significant existing in-house engineering base, it’s just too risky to choose NixOS - it’s too different and it’s too hard finding people who know it.
It’s all about risk management.
EDIT: that being said, there isn’t anything better (for me) at this point in time!