DeterminateSystems/flake-checker
1
1
Fork 0
mirror of https://github.com/DeterminateSystems/flake-checker.git synced 2024-10-27 07:34:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add text around upstream Nixpkgs

Browse Source
This commit is contained in:
Luc Perkins 2023-05-23 16:37:36 +02:00
parent afdb2f92b4
commit d20c110779
No known key found for this signature in database
GPG Key ID: 4F102D0C16E232F2
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/explainers/upstream_nixpkgs.md
View File

@ -1 +1,3 @@
Say more here later.
We don't recommend using forked or re-exported versions of Nixpkgs.
While this may be convenient in some cases, it can introduce unexpected behaviors and unwanted security risks.
While <a href="https://github.com/NixOS/nixpkgs">upstream Nixpkgs</a> isn't bulletproof&mdash;nothing in software is!&mdash;it has a wide range of security measures in place, most notably continuous integration testing with <a href="https://hydra.nixos.org/">Hydra</a>, that mitigate a great deal of supply chain risk.

4
src/templates/summary.md
View File

@ -77,6 +77,8 @@ Here's an example:
inputs.nixpkgs.url = "github:NixOS/nixpkgs";
}
```
If you need a customized version of Nixpkgs, we recommend using methods like [overlays] and per-package [overrides].
</details>
<details>
@ -87,3 +89,5 @@ Here's an example:
[flake-lock-action]: https://github.com/determinateSystems/update-flake-lock
[nixos]: https://github.com/nixos
[overlays]: https://nixos.wiki/wiki/Overlays
[overrides]: https://ryantm.github.io/nixpkgs/using/overrides