Comment by XorNot
4 months ago
Containers don't break in any of those ways, but rebuilding the images with updates does, and the same is entirely true of Nix.
4 months ago
Containers don't break in any of those ways, but rebuilding the images with updates does, and the same is entirely true of Nix.
No, because Nix configuration is declarative and statically checked.
Containers are "run these random shell commands I copy pasted from the internet on top of this random OS image I pulled from the internet, #yolo".
Did you inspect the build code of all the nixpkgs you imported? Did you inspect the code of the tarballs they depend on? Sure, the SHA256 is right there... did you look at it?
People copy and paste Nix code all the damn time because it's downright unparseable and inscrutable to the majority of users. Just import <module>, set some attrs and hit build. #yolo
Nix code is composable and statically checked for consistency. Docker containers are just a random sequence of shell scripts that sometimes happens to not error out because people mostly only use the same five Ubuntu or Alpine base images and don't layer more than two things at once.
You see the difference?