by the_why_of_y
2323 days ago
Nix/Guix is a very simple and elegant design, but I find it has a downside: because every package is immutable, a security fix in a low-level shared library (worst case: glibc) requires recompiling every package that depends on it, and because there is no difference between OS and applications - everything is a Nix package - you have to wait until the whole dependency graph is recompiled before you can effectively install the security update. TFA's design avoids this by separating out both a base OS layer and an application runtime layer, both of which have a bounded size.
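The rebuild cascade the comment describes follows directly from how a content-addressed store derives output paths: each path is a hash over the build recipe and the paths of its inputs, so changing glibc's recipe changes glibc's path, which changes every path that embeds it, transitively. The following is an added illustration, not code from the comment, from Nix or from Guix: a toy store with that hashing rule and a constructed dependency graph (package names and edges are invented for the example), which shows that the set of packages whose path changes after a glibc patch is exactly the reverse-dependency closure of glibc, and that packages built on a different libc are untouched.

```python
"""Toy content-addressed store: why a glibc fix forces rebuilds of everything above it.

Added example, not Nix/Guix code. Output paths are a SHA-256 over the build recipe
plus the output paths of all inputs, which is the same shape of rule Nix uses to
derive store paths. The package graph below is constructed for illustration.
"""
import hashlib

# Constructed dependency graph: package -> direct build inputs (assumed, not real).
DEPS = {
    "glibc": [],
    "openssl": ["glibc"],
    "zlib": ["glibc"],
    "python": ["glibc", "openssl", "zlib"],
    "curl": ["glibc", "openssl", "zlib"],
    "git": ["glibc", "curl", "zlib"],
    "musl": [],                 # an independent libc: should not be affected
    "busybox": ["musl"],
}


def store_paths(deps, recipes):
    """Return {package: store path}; a path hashes the recipe and every input path."""
    paths = {}

    def path_of(pkg):
        if pkg in paths:
            return paths[pkg]
        h = hashlib.sha256(recipes[pkg].encode())
        for inp in sorted(deps[pkg]):          # inputs contribute by *path*, not name
            h.update(path_of(inp).encode())
        paths[pkg] = f"/nix/store/{h.hexdigest()[:16]}-{pkg}"
        return paths[pkg]

    for pkg in deps:
        path_of(pkg)
    return paths


def rebuild_set(before, after):
    """Packages whose store path changed, i.e. the ones that must be rebuilt."""
    return sorted(p for p in before if before[p] != after[p])


def referrers_closure(deps, target):
    """Everything that transitively depends on target, plus target itself
    (the set `nix-store --query --referrers-closure` reports for a real store)."""
    closure = {target}
    grown = True
    while grown:
        grown = False
        for pkg, inputs in deps.items():
            if pkg not in closure and any(i in closure for i in inputs):
                closure.add(pkg)
                grown = True
    return sorted(closure)


def simulate_glibc_fix():
    """Apply a one-line recipe change to glibc and report what has to be rebuilt."""
    recipes = {p: f"{p}-1.0 build script" for p in DEPS}
    before = store_paths(DEPS, recipes)
    patched = dict(recipes, glibc="glibc-1.0 build script + security patch")
    after = store_paths(DEPS, patched)
    return rebuild_set(before, after)


if __name__ == "__main__":
    print("rebuild after glibc fix:", simulate_glibc_fix())
    print("reverse-dependency closure:", referrers_closure(DEPS, "glibc"))
```

On a real NixOS system the same question is answered by `nix-store --query --referrers-closure /nix/store/<hash>-glibc-<version>`, which lists every store path that would have to be rebuilt or re-fetched. NixOS does offer `system.replaceRuntimeDependencies` as a stopgap that rewrites store-path references to a patched library without a full rebuild, but that is a bounded workaround rather than a change to the model the comment is describing.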