WRT streaming I guess some #nixpkgs maintenance could also be streamed...

oh well..

@pi_crew @stalwartlabs I'm thrilled for it to land in #nixpkgs
But take your time (I have enough to do, migrating nginx from Docker to Nix :))

Blog post by @luj that escaped my attention until now, asking just how reproducible nix and NixOS are at scale. Turns out, he's been studying this exact question since 2017 and did a part of his PhD study on it.

https://luj.fr/blog/is-nixos-truly-reproducible.html

The answer? In 2017, about 60% of builds from nixpkgs were bitwise reproducible.

Now, it's over 90%.

This is great news! Especially since we don't have any tools that actively monitor this, so there isn't any active process that enforces reproducibility outside of nix itself (and the reproducibility team, let's not forget)

Great work, and great writeup. I look forward to reading more in the paper he teases in the post.

#Nix #NixOS #nixpkgs

Is NixOS truly reproducible?

Build reproducibility is often considered as a de facto feature provided by functional package managers like Nix. Although the functional package manager model...

luj.fr

nixpkgs security changes
@nixpkgssecuritychanges • Joined: Jul 13, 2024

Bot publishing merged #nixpkgs pull requests with a security label and security announcements made on Discourse.
Experiment managed by @Le_suisse

#bot #BotsOfMastodon

A simple analogy for anyone to understand how #nix is different from tools like #ansible etc

Ansible (convergent) is like carving wood, where u have some existing state like plain wood which u tinker continuously until u achieve the expected state

Nix (congruent) is like 3D printing, where the exact expected state is created from the start 🔥
#nix #nixos #nixpkgs #nix
#DevOps

Edit:
img attribution: https://mathstodon.xyz/@Pol/116402344325876001
Found the source🤝

It's almost time for NixOS release 26.05, which means I've been really busy trying to get the NixOS Drupal service ready for the big day! I've been hard at work fixing bugs and adding new features that will make it easier to package and run custom Drupal packages on NixOS.

I realized recently that I've been working on this project for nearly a year now, so it might be a good time to blog about the things I've done since last year, and talk about what's next for Drupal on NixOS.

https://abmurrow.com/blog/drupal-service-year-open-source

#Drupal #Nix #NixOS #OpenSource #nixpkgs #blog

Drupal As A Service: A Year In Open Source | Andrew Benbow

It's been about a year since I started building and maintaining the Drupal service integration for NixOS, and the next nixpkgs stable release is coming up this May, so it seems like a good time to take stock and talk about what has been going on with this project in that time.

I'm not always 100% against LLMs, but... in the holiest of places... 😢

#llm #claude #nix #nixpkgs #nixos

Nix security advisory: Privilege escalation via symlink following during FOD output registration

Summary: Nix daemon is vulnerable to arbitrary file overwrites as the daemon user (root on NixOS and in multi-user installations). The issue is identified as GHSA-g3g9-5vj6-r3gj with CVE assignment pending. All users allowed to submit builds to the Nix daemon (allowed-users, everyone by default) can achieve arbitrary file writes as root and subsequent privilege escalation.

Am I affected? All Nix versions since 2.21 and patch releases >=2.18.2,>=2.19.4,>=2.20.5 prior to 2.34.5, 2.33.4, 2.32.7, 2...

NixOS Discourse

I am starting to understand more and more why #nix critters don't bother merging their stuff into #nixpkgs

Like there is a non-0 chance of me just being stupid but wtf is this
https://github.com/NixOS/nixpkgs/pull/499520#pullrequestreview-4063026079

- posted by Valerie

420 commits (the weed number) into Nixpkgs with this absolute pedantry https://github.com/NixOS/nixpkgs/pull/506286#issuecomment-4191348211

It puts the “stone” in milestones amirite?

#nix #nixpkgs

treewide: fix typo of NPM → npm by toastal · Pull Request #506286 · NixOS/nixpkgs

the official name casing is “npm” Things done Built on platform: x86_64-linux aarch64-linux x86_64-darwin aarch64-darwin Tested, as applicable: NixOS tests in nixos/tests. Package tests...

GitHub