| 2 Aug 2022 |
 j-k | currently you'd just need to say, "we need to onboard nix, the rest is likely onboarded: stdenv tools which are pretty standard everywhere (core-utils, gcc), fetchers that use git & curl". Adding in 1 extra odity is probably not a big blocker but it is another blocker | 12:08:03 |
 infinisil | Though bash is very easy to write insecurely, which makes me think that companies should be more willing to accept a safer language | 12:08:27 |
 Melkor333 | I would so want to recommend oil shell (which tries very hard to be a sane upgrade path) but that would get us back to the security chain problem | 12:09:20 |
| Melkor333 | *upgrade path from bash | 12:09:33 |
 Alyssa Ross | I think trying to optimise for box ticking by hypothetical companies is not going to be productive | 12:09:44 |
| j-k | is it hypothetical if some of the clients I consult for are actually like this? | 12:10:30 |
| infinisil | Actually we don't really need to be worried about that very much, since nix runs in a sandbox anyways | 12:10:41 |
| infinisil | * Actually we don't really need to be worried about that very much, since nix runs builders in a sandbox anyways | 12:11:18 |
| j-k | you can't just run anything you want in a sandbox because you care about the output | 12:11:45 |
| Alyssa Ross | (IMO it's also very unlikely the Nix sandbox would stand up to truly malicious code) | 12:12:10 |
| infinisil | In reply to @j-k:matrix.org
you can't just run anything you want in a sandbox because you care about the output Ah right.. | 12:12:37 |
| Alyssa Ross | let me revise my statement then, since the companies are not hypothetical | 12:14:38 |
| Alyssa Ross | I think trying to optimise for box ticking is not going to be productive | 12:14:44 |
| infinisil | Hehe | 12:15:08 |
| infinisil | We do need to keep that in mind, but yes I don't think this is a blocker at all for using something other than bash | 12:15:33 |
| Alyssa Ross | If we can deliver more value by using a better tool, we can presumably justify that tool | 12:16:01 |
| j-k | yes we can totally go for oil if it adds significant value. it doesn't look like oil itself has many dependencies either. just something to consider | 12:16:16 |
| Alyssa Ross | One thing you might find quite alarming about Oil is that it has a self-maintained Python 2 fork! | 12:16:37 |
| Alyssa Ross | (it's on its way out — they're rewriting in C++, but not terribly fast, I think) | 12:16:54 |
| infinisil | I do think the fact that only a single person develops oil makes it not a great candidate | 12:17:09 |
| Alyssa Ross | I don't think it's true that only a single person develops oil. | 12:17:32 |
| Alyssa Ross | infinisil: https://www.oilshell.org/blog/2022/07/release-0.11.0.html#project-recap-and-update | 12:17:52 |
| Melkor333 | In reply to @qyliss:fairydust.space
I don't think it's true that only a single person develops oil. It's currently very heavily pushed by a single person. But he got a grant and right now at least 2 people work at it (one compiler engineer IIRC). | 12:18:21 |
| infinisil | Ah nice | 12:18:48 |
| j-k | yeah there seems to be a desire for a more advanced shell (e.g. oil, xonsh, nushell, google dev working on xz) but not much actual movement | 12:18:51 |
| Melkor333 | But your point is still valid, I think it needs to become more mature first | 12:18:54 |
| Alyssa Ross | Yeah | 12:19:37 |
| Alyssa Ross | I think we could start making moves in its direction, with a plan to adopt it a bit down the line | 12:19:51 |
| Alyssa Ross | (There's value to being involved during immaturity, because it gives us scope to shape the direction if we need to) | 12:20:09 |
| Melkor333 | In reply to @qyliss:fairydust.space
(There's value to being involved during immaturity, because it gives us scope to shape the direction if we need to) This is very true, especially since Andy seems very approachable | 12:24:48 |
