<pie_>
does anything prevent malicious packages from tampering with other packages during installation?
<pie_>
(possibly dumb question)
<pie_>
* most likely dumb question
<clever>
pie_: if your running nix-daemon as root, the build is ran as a random user like nixbld1
<clever>
and it only has write access to $out
<pie_>
ah ok
<pie_>
cool
<clever>
and if sandboxing is enabled, it cant even read paths that are not defined as inputs
<clever>
and it cant access the network, or see your processes
<clever>
pie_: the only exceptions, are kernel exploits that break namespacing, and that a fixed-output derivation does have network access
goibhniu1 has quit [Ping timeout: 268 seconds]
Cale has joined #nixos-dev
Lisanna has joined #nixos-dev
mingc has joined #nixos-dev
vcunat has joined #nixos-dev
obadz- has joined #nixos-dev
obadz has quit [Ping timeout: 256 seconds]
obadz- is now known as obadz
<sphalerite>
obadz: is world peace possible with nixos??
<sphalerite>
obadz: is dividing by 0 possible with nixos?
<sphalerite>
:D
Synthetica has joined #nixos-dev
orivej has joined #nixos-dev
<MichaelRaskin>
sphalerite: obadz: simpler question: is not letting systemd take over all the VT control possible with NixOS?
<sphalerite>
probably not haha
goibhniu has joined #nixos-dev
<srhb>
Anybody remember the real name policy for maintainer-list.nix? Are we only enforcing real name required for people with push access, or everyone?
<tilpner>
Where "real name" is "name that sounds like it could belong to a real person", or "name that we have verified belongs to this person"?
<srhb>
tilpner: I'm not aware of any verification efforts (so yes, I agree it's a bit silly, but I've seen it enforced none the less)
<tilpner>
What purpose would there be in having a real name over a pseudonym?
<srhb>
None that I know of.
<tilpner>
(As long as the user does not have any real rights)
<MichaelRaskin>
I think the point of pretending to have a real name is to pretend tht people licensed their contributions under their own name, and if not, then the project gor defrauded and is ready to remove code at the request of anyone capable to _prove_ copyright ownership (good luck with proof)
<srhb>
blergh, legal stuff...
<tilpner>
Could an optional contributor license agreement fix this?
<tilpner>
(Or does that fail for the same reason?)
<tilpner>
Hmm, it might not be possible to agree to a CLA without providing your real name
<tilpner>
Nevermind me
<MichaelRaskin>
And of course all that «knowingly» qualifiers in the various laws mean that not having any explicit reason to doubt is what counts.
<obadz>
sphalerite: absolutely, if everyone in the world used NixOS and nothing else, we would have world peace
<MichaelRaskin>
By cutting communications to everyone not qualified to maintain a NixOS installation?
<tilpner>
Because humanity didn't survive the Nixpocalypse (core systems failing as ancient infrastructure is upgraded to NixOS)?
vcunat has quit [Ping timeout: 256 seconds]
vcunat has joined #nixos-dev
orivej has quit [Ping timeout: 248 seconds]
orivej has joined #nixos-dev
<obadz>
sphalerite: and yes NixOS can add 1/0 to ℕ(ixOS)
<obadz>
MichaelRaskin: re systemd, I'm sure there at least exists some patch that makes this possible :)
<obadz>
MichaelRaskin: in any case, even a systemd-free nix-based OS that doesn't use systemd is NixOS afaik…
<MichaelRaskin>
Well, my setup doesn't even have NixOS module system
<MichaelRaskin>
So I think it is not really NixOS
Synthetica has quit [Quit: Connection closed for inactivity]
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
<zybell>
licensing:The *author* has copyright because of authoring sth,nothing to do with having a name. Even if sb doesnt have a name (yet) copyright applies. Licensing:OSS Licenses are one sided.Nobody needs to know the name of the licensor because the person (not the name)makes the offer,and by applying some deeds it is accepted. On both sides no name needed.
<MichaelRaskin>
zybell: what are the conditions for making an offer is different in different jurisdictions (even inside EU), and nobody is completely sure…
<zybell>
to make an offer is roman law,applies world wide and is the basics of contract. Some offers are illegal to accept,but even then the contract mostly holds.There are very few situations where a contract is void from beginning,and mostly have to do when whats really offered is different from what seems to be offered.
<zybell>
for instance in most states it is illegal to offer alcohol to juveniles. But if a sale happens the juvenile *owns* the alc afterwards.(The offerer will be prosecuted)but doesnt get back the alc.
vcunat has quit [Ping timeout: 255 seconds]
vcunat has joined #nixos-dev
<ekleog>
NinjaTrappeur: ISTR you were interested in helping out on ofborg? you should join #nixos-borg
<ekleog>
NinjaTrappeur: also, wanted to ask you, have you started thinking about the “mocking github in ofborg tests” thing? I've given it a bit of thought from time to time, and currently think it may be easier not to mock the whole of github, but to mock the hubcaps crate and the web/ directory that handles github webhook calls -- even though that'd make for a bit less coverage, it'll likely be much easier
<ekleog>
than mirroring the github api
<MichaelRaskin>
I can confirm that #nixos-borg is quite low-traffic (way lower traffic than #nixos-dev let alone#nixos)
vcunat has quit [Ping timeout: 256 seconds]
<NinjaTrappeur>
ekleog, Not yet, I plan to start digging on that on Monday :)
<NinjaTrappeur>
Alright
<LnL>
yes! mock all the things
<ekleog>
great :D
vcunat has joined #nixos-dev
taktoa has joined #nixos-dev
vcunat has quit [Quit: Leaving.]
Synthetica has joined #nixos-dev
drakonis has joined #nixos-dev
pie__ has joined #nixos-dev
pie_ has quit [Ping timeout: 248 seconds]
zybell has quit [Ping timeout: 264 seconds]
goibhniu has quit [Ping timeout: 240 seconds]
ghostyy has joined #nixos-dev
zybell has joined #nixos-dev
<ghostyy>
hey, i have a question - if i had a programming langyuage with packages for different modules and stuff, dependencies between modules, how easy would it be to use nix's package manager to do package management (building + dependency resolution + distributing) for those packages? would i need to modify nix? im assuming id have to at least set up some kind of private nix repo for distributing the packages + nix expressions
jtojnar has quit [Ping timeout: 248 seconds]
jtojnar has joined #nixos-dev
<drakonis>
ghostyy, you might want to try the main channel for that
<drakonis>
#nixos
<ghostyy>
well, my followup question was going to be "do nix developers consider this an important use case for their software (making it easy to use for other people to use nix for managing packages in their own software ecosystem)"
<ghostyy>
but ill ask it there too
<simpson>
ghostyy: Don't modify Nix to fit your language; loosen your language to fit Nix.
<simpson>
In the Monte language community, we've done some experiments with having Nix-managed Monte modules. It works for us.
Synthetica has quit [Quit: Connection closed for inactivity]