• Atemu@lemmy.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    8 months ago

    That’s a nice idea in theory but not possible in practice as the last Nixpkgs revision without a tainted version of xz is many months old. You’d trade one CVE for dozens of others.