is now the package repository with the most packages. It has the most up-to-date packages for a long time.

You can use those packages using the package manager on any distro, or .

We achieve this with only 15% of the maintainers has (2. most packages). Imagine what we could achieve with that much package maintainers!

I maintain 22 packages myself including a custom kernel. It is quiet easy with Nix!

We also have 300+ open security issues.
Since we don't have that many maintainers, we should first tackle that before admitting more and more packages into the repository.

@davidak and that is a good argument in your opinion?

@ck it's just for relation. we are not worse than other popular distros

that don't mean we should not improve that

@davidak this is comparing against distributions though, it's easy to package lots of things if you aren't rigorous at building everything from source.

@cbaines i guess you refer to AUR. we do build everything from source

AUR seem like a low effort way of packaging while in Nix, it's done properly

@davidak I don't know anything about AUR, but its my impression that sometimes nixpkgs derivations aren't particularly rigorous...

One example that comes to mind is Grafana. I'd really like to package it, but its pretty complicated given all the JavaScript+CSS stuff as well as the Go code.

I new it was packaged for Nixpkgs, but I realise that its just copying many non-source things from the tarball build by the upstream project!

@davidak obviously, there's bootstrapping problems with things like GCC and low level tools.

But this is not processing the typescript, and including a phantomjs binary is a different issue.

@cbaines yes not all packages are perfect and sometimes it's hard to do, as you noticed. but in general, packages should be build from source.

bootstrapping is another topic which is really pioneering. i don't think there is much effort in NixOS right now

@cbaines Nix and Guix user here, there are two complected issues here:
first, number of *useful* packages; Nixpkgs has plenty of them (some are binaries, some blobs, some broken) but majority of them Just Work™ (not in FSDG sense)
second, number of purely source based packages; here Nixpkgs is weak, there is no process to check whether we can rebuild a package from source, heck they even treat firmware blobs as libre.
Those are separate issues though and the OP ’s point is valid.

@davidak @cbaines Nix/Guix’s design choices allow small number of maintainers to do more work in comparison to traditional package managers which are inherently more messy thanks to mutation—to manage it we need more time (and heads).

Guix adds ethical/moral restriction (FSDG) which by definition *heavily* limits number of packages and requires much more work to add new.

Whether the restriction and its guarantees are worth the trade‑off depends on users and their values.

@davidak I get that you think Nixpkgs packages should build things from source, and I think that's great, but is there any policy or something written down somewhere that says new packages shouldn't be accepted if they don't build from source (apart from exceptional circumstances)?

@cbaines i think there is no written down rule, but i have seen it in the review process, that contributors are asked to do it properly

it's a good idea to write it down, so all contributors and reviewers are on the same page. i will try do do that. thanks!

do you know if there are similar rules in ?

@davidak that sounds good :D

As for Guix, I was anticipating that somewhere in the contributing guidance it would say packages should build the software from source, but I can't see that. Maybe I've missed it, but it looks like it might need explicitly staging in the Guix contributing guidance too...

@davidak JOSM looks like a good example of what I'm getting at, I'm pretty sure this isn't a "proper" package definition, at least one that builds from source and describes inputs/dependencies.

@davidak up to date packages like Xen 4.8.5 in NixOS? Even Debian stable has a newer version (4.11.4). Debian oldstable has the same version as NixOS. ;-)

@txt_file there is also Xen 4.10.4 available on NixOS stable and it's the default on unstable

NixOS has the most up-to-date packages, but 21.8% are out of date. xen seem to be one of them

most distros seem to have out-of-date xen with potential security issue

maybe no one cares about xen nowadays. why wouldn't one use KVM?

@davidak Why do people use vmware if there is kvm? Because sometimes you want to use a tier-1 hypervisor.

@txt_file @davidak
Businesses use vSphere/ESXi since there is enterprise support. Proxmox VE offers something similar for QEMU/KVM but is quite niche.
@davidak First and only time I propose a package : someone write reproof , fork it , fixt it and merge it ... No help, no education ... Sorry, but I don't want to create one anymore

@davidak Colleagues said thats because they don't have npm in the list ;)

@sergey_m "with more than one million packages, the largest software registry in the world"

i see 😁

Sign in to participate in the conversation – a Fediverse instance for & by the Chaos community