[lrvick]

Encouraging the use of Nix in production is wildly irresponsible. I am really surprised to see Google do this given their generally high security bar. Maybe this team operates in a bubble and gets to prioritize developer experience above all else.

[georgyo]

Nix in production is more common than you think, even at scale.

It's hard to know what exactly your security concerns are here, but if you look at the current ecosystem of using containers and package registries, Nix is pretty clearly a solid contender, security-wise.

[lrvick]

Plenty of wildly unsafe behavior is common in production infrastructure today. This is also why compromised corporate infrastructure is in the news so often. Few orgs hire or even contract security engineers with Linux supply chain and hardening experience, opting to blindly trust the popular options and their maintainers.

NixOS knowingly discards vital supply chain integrity controls to minimize developer friction and maximize package contributions. It is a highly complex Wikipedia style distribution optimizing for maximum package variety which is absolutely fine and great for hobby use cases, but use in security critical applications is absolutely irresponsible.

Guix goes some big steps further in supply chain integrity but still ultimately trusts individual maintainers.

See this chart to understand how NixOS compares in terms of threat model https://codeberg.org/stagex/stagex#comparison

[hollerith]

He explains his concerns at https://news.ycombinator.com/item?id=36268776