lix [1] might be less affected. Pierre Bourdon noticed that lix refactored surrounding code 4 months ago [2], and a comment claims that this Lix commit at least patched a different vulnerability GHSA-wf4c-57rh-9pjg [3].
To use lix instead of nix, set `nix.package = pkgs.lix` in your NixOS/home-manager configurations.
There are plenty of fantastic reasons not to, despite the prior issues with Eelco's leadership style. The NixOS Starknet situation[1] was very suspicious and involved many of the wrong incentives for an open source project. One of the primary people involved was trying to get the drops transferred to other people's accounts (getting around geofencing prohibiting US withdrawals too). So it is virtually guaranteed that is being transferred toward something other than the NixOS binary cache despite it being emphasised it would go there. I guess it will be going to "save Nix together" for the fork. All €20 000 or what-not of it.
At least Lix is doing some interesting things with the language and fixing some long-standing regressions, but some of the people involved seem to enjoy standing next to others doing the work whilst they loudly take credit, and participating in cryptocurrency ponzi schemes using open source as the vessel.
Lix claims to have a more welcoming community, but I too often see prominent members gloating about every Nix bug and implementation detail on Mastodon and elsewhere, so YMMV.
If you look elsewhere in this thread, many of the bullies are doing PR for Lix and trying to use this situation to their advantage. What no one is disclosing to people is that their fork of nixpkgs (ForkOS) is nearly done, so pointing people to it is going to be almost entirely in their benefit. But, why would sociopaths tell people that when they can just publicly embarrass people instead?
The amount of gaslighting here is frankly astounding. There were some good developers who went over to Lix but also a few pathological liars and primary school bullies. People don't know half of the abuse going on.
Watch out, they may call you the problem when they're accidentally talking about themselves...
It's very bad and one can simply look through the Discourse and GitHub issues from earlier this year to discover the full extent of the problem. Watch how they turn a security issue into PR now, this is just a microcosm of the dishonesty.
It helps disambiguate Nixlang from the codebase that includes the Nix CLI and the Nix daemon, for one. It's also an unambiguous designation for the original Nix implementation, as opposed to Lix and Tvix.
A Lix user might well reasonably say they 'use Nix' because they use Nixlang. Thus some people are Nix users but not CppNix users. As Tvix matures, the same will be true of Tvix users.
Because apparently nix isn’t enough despite being the project name, executable name, and the name of the language it implements. No one calls rust “rustrust”.
Full caps AWK feels like a relic from the screaming UNIX days, and golang for Go is incredibly common (and as far as I can tell, the proximate cause of the nixlang term).
[1]: https://lix.systems/
[2]: https://mastodon.delroth.net/@delroth/113110218127456491
[3]: https://lobste.rs/s/ixb3v7/nix_2_24_is_vulnerable_remote_pri...