sheenobu | 4 years ago

I thought of Nix while reading this thread and I'm wondering what makes it unique here? As a daily NixOS user I get that it is better, but I don't know the specifics. The nixpkgs repo is superficially similar to Homebrew (lots of people submitting packages, running on GitHub, automation around commits).

What are the differences with respect to security?

1. Its language, Nix, is limited in scope?

2. No automated PR merge workflows (yet)?

3. Better community/engineering/security?

sneak|4 years ago

Well, a very simple answer is that homebrew embeds nonconsensual spyware into the brew tool itself, and nix does not. For me, "doesn't exfiltrate my private data to Google in the default config" is an important security benefit of nix over homebrew.

The longer answer is about the inherent benefits of the nix way of doing things; it is a horse of a different color compared to all other package managers I've seen or heard about. It is a different installation paradigm, and the nix documentation (and many blog posts) do a better job of describing its main differences than I can here.

Deterministic builds as a first class feature is probably the shortest summary. Being able to reference an entire and exact hash tree of deps is hugely valuable.

myolxid1|4 years ago

Analytics are an invaluable resource for a volunteer-run project. To their credit, they issue a noticeable warning with the command to turn it off. It seems to me your issue is more about using Google Analytics - if there's a better alternative that is sustainable (read: free and doesn't require much effort to maintain) that should be suggested.