| 20 Jun 2025 |
 emily | it's a purity hole | 17:23:53 |
| emily | Darwin doesn't have network namespaces, Linux does | 17:23:57 |
| emily | in particular you can puncture the sandbox with it somewhat, although the Darwin sandbox is moderately porous to begin with | 17:24:28 |
| emily | see e.g. https://github.com/NixOS/nix/pull/11270#issue-2456432178 | 17:25:03 |
 aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | In reply to @emilazy:matrix.org
see e.g. https://github.com/NixOS/nix/pull/11270#issue-2456432178 That's pretty unfortunate | 17:49:09 |
| aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | But what we are mostly doing now is just enabling it for derivations needing it | 17:50:07 |
| aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | instead of e.g. skipping related tests | 17:50:37 |
| emily | right. well I don't think it's a problem to set when needed | 17:53:44 |
| emily | it might not be the end of the world to just allow the networking stuff unconditionally. but conversely I don't think it's that bad to have to add one line for packages that require it either | 17:54:02 |
| aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | In reply to @emilazy:matrix.org
it might not be the end of the world to just allow the networking stuff unconditionally. but conversely I don't think it's that bad to have to add one line for packages that require it either The problem is, we haven't documented it, and a lot of people just don't know it exists | 17:54:52 |
| emily | we should certainly add it to the Nix/Nixpkgs manuals, yeah | 17:55:20 |
| emily | there's a lot of Darwin stuff people aren't necessarily expected to know though, that's why we have the @NixOS/darwin-maintainers ping :) | 17:55:46 |
| emily | (and he understanding that it's okay to leave stuff broken on Darwin if nobody responds quickly to the ping) | 17:56:00 |
| aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | In reply to @emilazy:matrix.org
there's a lot of Darwin stuff people aren't necessarily expected to know though, that's why we have the @NixOS/darwin-maintainers ping :) Considering that many people do not have macOS devices, when a change can be built directly on foreign platforms instead of needing some manual attempt to confirm whether it can be built, the impression of contributors will be much better | 17:57:24 |
| aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | Just like we now don't have to set darwin sdks explicitly | 17:57:54 |
