From: Michael Orlitzky
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH] install-qa-check.d: Support QA{,_STRICT}_INSTALL_PATHS variables (bug 670902)
Date: Tue, 13 Nov 2018 00:44:49 -0500

On 11/12/2018 06:47 PM, Zac Medico wrote:
>>
>> The idea being, to put it in the right place by default, and let people
>> override it with EXTRA_ECONF if they really want to download random
>> binaries from strangers and run them.
>
> I recommend to add /nix to the whitelist because this is the default
> location for all operating systems, as shown consistently throughout the
> installation instructions found at
> https://nixos.org/nix/manual/#chap-installation.

I mean... I know... my argument is not that they don't tell you to do
something dumb. If you really want the official experience, you can
close your eyes, cross your fingers, say a prayer to RMS, and then
follow their installation instructions:

  $ curl https://nixos.org/nix/install | sh

The fact that some people choose to use portage to install it probably
means that they were looking for something a little less yee-haw. We
trust the package manager to not let ebuilds do dumb things to our
systems: no surprise network access, no random filesystem reads/writes,
reliable uninstalls, things installed in sensible paths, etc. We
shouldn't make exceptions to those policies without a good reason.

> The nix manual also has this explicit warning in the "Building Nix from
> Source" section found at https://nixos.org/nix/manual/#sec-building-source:
>
>> Warning: It is best not to change the Nix store from its default, since doing
>> so makes it impossible to use pre-built binaries from the standard Nixpkgs
>> channels — that is, all packages will need to be built from source.

Do I have to be that guy who suggests that if people don't want to build
from source, then maybe they took a wrong turn back at distrowatch?

You can override the nix store location with EXTRA_ECONF if you really
want to dump stuff in /nix. At which point the warning is just telling
you what's up: you're doing something wrong.