I liked that you explained basic concepts until the buildup in the article.
> Disclaimer: Yes, I know you can technically use strict dependency pinning in Docker. This still doesn’t entirely solve the problem
Why doesn't it solve the entire problem?
> Herein lies a problem. What if the dependency being downloaded from this external source has changed (e.g., maybe it’s been patched!) vs. the same dependency downloaded by another server/computer a week prior?
Just so I understand correctly, if Nix wasn't using the concept of hashes, the same problem would _also_ stand for the Nix Registry as well, right?
Devbox (https://www.jetpack.io/devbox/)byJetpack.io is a great intro to Nix. It packages tools via a simple json file, and uses Nix underneath to install these tools. Really easy to use compared to default Nix.
Hey everyone, happy to answer any questions regarding Nix you may have.
I liked that you explained basic concepts until the buildup in the article.
> Disclaimer: Yes, I know you can technically use strict dependency pinning in Docker. This still doesn’t entirely solve the problem
Why doesn't it solve the entire problem?
> Herein lies a problem. What if the dependency being downloaded from this external source has changed (e.g., maybe it’s been patched!) vs. the same dependency downloaded by another server/computer a week prior?
Just so I understand correctly, if Nix wasn't using the concept of hashes, the same problem would _also_ stand for the Nix Registry as well, right?
Devbox (https://www.jetpack.io/devbox/)by Jetpack.io is a great intro to Nix. It packages tools via a simple json file, and uses Nix underneath to install these tools. Really easy to use compared to default Nix.