Here’s the open secret: nixpkgs does not have a channel that’s verifiably stable.
For 90% of the year there’s really only two viable channels to use on NixOS:
- unstable aka `nixos-unstable`, or
- stable aka `nixos-YY.MM` (replace `YY.MM` with the most recent May/November release, currently `24.05`).
All changes to stable must go to unstable first (via some other branches) and then get backported via label or a manual backport.
If it’s a browser update, it usually gets backported for security reasons.
For other security changes, it should get backported, but there’s no guarantee.
And for really any usability changes/bugfixes that involve breakages, they cannot be backported by policy. Moreover, even backportable fixes are often forgotten to get backported in the first place.
And from experience, I would say most contributors to nixpkgs are more likely to be using unstable, as that’s close to `master` (the branch PRs are made against).
So practically, stable is like an abandoned branch that sometimes gets attention.
However, unstable isn’t stable either, since the philosophy often comes up of “unstable is meant to be unstable, let’s just break things”. So you get wildly breaking changes within days/weeks of each other.
Hence there really isn’t a great channel to sit on if you want to avoid breakage while still having a not-so-buggy system. It’s a matter of tradeoffs, and for me personally, keeping close to the channel that actually gets fixes (unstable) is where I realistically feel is more manageable for me.
We have at least 2:
https://nixos.org/manual/nixos/unstable/release-notes
That’s a meme that misunderstands docker and nix, funnily enough.
Docker and nix do different things (containerisation vs correct deployment), though docker can be abused to pretend to do nix’s job.