When I first got into Nix, I had the same questions, and I did some research.
I concluded that Nix is no worse than anything out there already… From a packaging point of view you can build binary packages yourself from source; it's not difficult to do. You can even run Hydra and build everything yourself. Nix is not machine code; once you get it, you can see what it's doing, patching, building, etc., etc. I find it easier to audit than endless Ansible YAML files… or bizarro Python build DSLs like Yocto.
On other distros I have to trust not only the base operating system gods, but the people who package the software too… I have to trust THEIR actual system security too. If they build a binary, and I use it, I have very little clue how that was built, or what the state of the system was when it was built. Unless I build it myself, and that is much harder than doing a simple nix-build on a Nix/OS machine, I can assure you.
To reduce commit bottlenecks to Debian repos… you start to add a lot of third-party repos… and as we all know, adding more third-party apt repos basically kills a Debian-based distro after some time. NixOS is the only thing I've seen survive this abuse! :-)
I only mention Debian as an example… but they all have this problem, all of them, because that's the way binary distributions work… you need a lot of trust not only in the building of software, but a lot of trust in the packaging and distribution of software. With Nix you only need to trust the build recipe, and you can do everything else yourself if you're having a tin-foil-hat moment.
So it's swings and roundabouts…
There's nothing to stop you forking nixpkgs, controlling and auditing every change. However, that requires human effort, a lot of it, but it's not impossible, and that's what makes Nix/OS so bloody brilliant.
If you had enough human effort to manage your own nixpkgs, you'd have your own OS. You could set what rules you wanted, and let whoever you want be able to merge PRs. However, it may soon diverge to a state where it can never be fed back into mainline. You have just given birth to a new operating system… this may be a bad thing or a good thing…
A lot of the activity is not actually core operating system or infrastructure; it's application bumps, or library bumps (not core ones either). Not everything is as critical as libc, the kernel or OpenSSL.
The nixos-small channel, I presume, was an attempt at this… both to reduce testing time and to have a more auditable number of commits coming through for lean and mean machines (servers).
This leads on to a secure software bill of materials… Nix, believe it or not, is best in class for providing this information, because Nix cares a lot about its inputs…
At the end of the day, security is a matter of trust. Nix needs more engineering effort… paid effort, to keep a well-maintained and watered garden.
It's going to be interesting how it pans out. History in the making.
Things will get more interesting as Nix adoption increases, and committers go from 4000 to 400,000.
Hmmm… interesting times.
I have to agree with you, it's a rabbit hole… The other distros ask these questions as well; I wonder what solutions they have to "success" and "contributor popularity".