this post was submitted on 03 Apr 2024
35 points (88.9% liked)
Nix / NixOS
1780 readers
1 users here now
Main links
Videos
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's true, but you have to know there was a backdoor first. If someone doesn't know, and they use the latest version, they're vulnerable to attack
@starman @GarlicToast true but I don't think you can use nix and not know about the xz exploit within minutes of it being found out.
Do you have an RSS feed of CVEs impacting Nixos?
Anti Commercial AI thingy
CC BY-NC-SA 4.0I believe the point they were making is that if you are techy enough to use nix, they are likely the type to keep up to date with news like this.
NixOS is aimed at highly technical people. You literally code your system structure.
If the issue had been critical, then the branch head could be rolled back, causing everyone to downgrade
That's a nice idea in theory but not possible in practice as the last Nixpkgs revision without a tainted version of xz is many months old. You'd trade one CVE for dozens of others.