#devenv now collects "anonymous" data to train their "AI"
https://devenv.sh/blog/2025/02/13/devenv-14-generating-nix-developer-environments-using-ai/
@flashfox *sigh*.
Time to make my own devshells.
At least in #nixpkgs the telemetry seems to be off by default now
@jfredett @oliverwiegers .... and reverted by the author, who apparently has commit rights and does not seem to agree with community PR workflow.
So we now have commercial actors in #nixpkgs who can just push their own commercial agenda by decree.
@oliverwiegers @flashfox @jfredett Not the Nix package manager team, but yes, he has contributed a lot in the past, esp in the sort of 2010-2018-ish era, although I'd have to check when he got involved. It was early. I'd also consider his Cachix product to be a significant contribution and I think he's managed it in a way that's good for the community.
He's implemented https://consoledonottrack.com/ and it's open source so we can check that it works.
Opt-in would be nicer, but it's something.
@roberth @oliverwiegers @jfredett @cafkafk So looks like the #devenv opt-out is not as out as you might have thought...
https://discourse.nixos.org/t/should-commercial-actors-ship-telemetry-in-nixpkgs/60279/42
@flashfox @roberth @oliverwiegers @jfredett @cafkafk C'mon, calling it a malware would be definitely too much. Let's give time to Domen and the Nix community to find a graceful way to handle telemetry in packages.
@Pol @flashfox @roberth @oliverwiegers @jfredett malware does imply malice, but we can’t ignore that if it is true that it actually just tars up your entire git repo and sends it over the wire, regardless of intent, it’s a major security risk, like I have confidential stuff in repos, I can’t just have it sent to domen, even if he doesn’t look
Like my security posture towards nix-git-hooks now has to change, this is actually kinda serious, even if it’s a mistake.
@Pol @flashfox @jfredett @oliverwiegers @roberth like don’t get me wrong, I haven’t verified that this leak is happening, and I don’t care to hate on domen, he seems nice from what little I’ve interacted with him
…but that does not matter whatsoever, it’s not a blame game issue, we don’t need to give people “time” and “grace” here, we need to say openly that a huge library a lot of people depended on seems super insecure, and tell them to avoid it. And that there was a conflict of interest and a self merge of something against the community’s interest.
Like the whole discourse here is just so pointless, it’s obvious these things are just wrong, why does everything that is so obvious end up always being like a debate club thing, that has to be argued to death. What’s the point? We’re all gonna reach consensus in five years on systems that are beyond broken and fragile, and completely unusable for anything security critical???
@Pol @flashfox @jfredett @oliverwiegers @roberth like stop treating him as a friend and start putting the community’s interests first for once, instead of rushing to defend something before mitigating the open fire! JESUS
@cafkafk @cafkafk @roberth @jfredett @flashfox @oliverwiegers @Pol I think you need a timeout from this issue. You’re blowing this way out of proportion. It appears as though more people are already involved and discussing about this issue, which is what mature people should do. Your shouting and insinuations with lack of evidence are not helpful.
@domenkozar
Tell you what: you publish a blog post on devenv.sh owning up to what happened, and I'll apologize for assuming malicious intent.
@flashfox @domenkozar @Pol @cafkafk @roberth @jfredett @oliverwiegers acting and judging based on assumptions, not a good plan.
@domenkozar regardless of the drama here, this is a great learning opportunity for a company. I love these kinds of situations because you learn more about running a business. Like at some point you get to a level where you cannot go without compliance, legal obligations etc. Must be exciting times, good luck with your endeavors!
@domenkozar
You realize the irony, right? This whole thing blew up because you put your own needs first. Do you really think that's the strategy you should hold on to?
@flashfox @cafkafk @roberth @jfredett @oliverwiegers keep the hate going :)
@domenkozar
It's your reputation, can only lose it once