On 13/05/17 12:14, Leo Gaspard wrote:
On 05/13/2017 05:28 AM, Stefan Huchler wrote:
[...]
Do you know the reason why it defaults to false, cant think of any
disadvantage of that functionality. I mean nixos eats harddrive like
nearly no other distro. So saving space cant be the reason.
Some sort of privacy concern?
With https://github.com/NixOS/nix/issues/8 solved, there will be
possibility to have password in the configuration that won't be
world-readable. In this context, copying the configuration.nix would
make world-readable again, which in case of passwords can hurt security
a lot.
At least that's the only reason I can think of.
HTH,
Leo
The way this option is implemented makes it impossible to activate by
default for hydra test builds.
In most autamated setups like that, the bare module system is used, and
there is no configuration.nix involved.
Jry to temporarilly move configuration.nix somewhere else, and you will
see that nixos-rebuild fails verbosely :-).
See the previous ML discussion on that topic where we proposed to keep
it opt-in, but with an apt-out config line in the default configuration.nix.
This may already be implemented.
Regards,
-- Layus.
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev
