Long battle

Posted Mar 23, 2025 14:36 UTC (Sun) by RaitoBezarius (subscriber, #106052)
In reply to: Long battle by NYKevin
Parent article: Julien Malka proposes method for detecting XZ-like backdoors

What is interesting is that Nixpkgs is implementing many of these policies by virtue of the store based model.

(Even things like execve() policies are possible with eBPF and used by people in production with image based NixOS.)

And yes, we even wrap Bazel builds in Nix, e.g. Gerrit!