> should never be used in production either
A very hot and very wrong take.
NixOS at least has immutable read-only system images. This makes it a thousand times less interesting to a potential attacker than a Debian system.
For every Mossad agent crafting an elaborate impersonation scheme to steal state secrets, there are a million script kiddies looking for insecure servers for a botnet.
P.S. A bigger issue is the complete inability of the "security industry" to understand even basic threat model issues. More proof that this entire "industry" is a joke and a clown show.