Reproducible as in build environments or deterministic binaries? Nix has only reproducible build environments.
Package maintainer. For the end-user there is no practical difference between a container and nix, and you see how well the container ecosystem is currently handling security updates on their distributed images.
The problem is not distributing the fix, it's getting the fix patched.
Package maintainer. For the end-user there is no practical difference between a container and nix, and you see how well the container ecosystem is currently handling security updates on their distributed images.
The problem is not distributing the fix, it's getting the fix patched.