[Nix-dev] [***SPAM***] Dynamic Dependency Management by Calling External Programs from Nix

Marc Weber marco-oweber at gmx.de
Wed Oct 26 18:42:32 CEST 2011


Excerpts from Eelco Dolstra's message of Wed Oct 26 17:38:28 +0200 2011:
> No, these functions are not actually used by any package in Nixpkgs.  But
> they're used (e.g.) by Hydra jobs.

The bulitin.readFile can then be used to read /root/* files and put
those contents into the store if you run nix as root?

Should nix start issuing a warning "don't run as root" for that reason
when running nix-instantiate,-build,-env ?

We either have to do that or start security review of each patch. The
more comitters the more risk. Luckily malicious code is seen seldomly in
open source projects? ..

Does the manual already contain a hint (I missed it)

Marc Weber


More information about the nix-dev mailing list