
Tag name is dangerous

Open roberth opened this issue 3 years ago • 2 comments

{
  inputs.nixpkgs.url = "NixOS/nixpkgs/22.05";
}

Did you spot the security issue?

Let's replace the release tags by something descriptive, like 22.05-start or 22.05.0, so that users don't accidentally fail to update their packages.

roberth avatar Aug 14 '22 07:08 roberth

While I agree with the point in general, this particular example feels like a niv bug. I wouldn't expect --branch to use a tag.

dasJ avatar Aug 14 '22 10:08 dasJ

> this particular example feels like a niv bug.

That's fair actually. I figured I'd add a non-flake example, but this is not it. Editing.

roberth avatar Aug 14 '22 10:08 roberth
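A user-side check for the pattern in the opening post, as an added example that is not part of the original thread or of any nixpkgs tooling: it flags nixpkgs flake inputs whose ref is a bare release tag such as 22.05 and suggests the `nixos-YY.MM` branch instead. The function name, the sample flake and the YY.MM tag pattern are assumptions made for illustration.

```python
import re

# url = "..." assignments, e.g. inputs.nixpkgs.url = "github:NixOS/nixpkgs/22.05";
URL_RE = re.compile(r'\burl\s*=\s*"([^"]+)"')
# nixpkgs on GitHub, with or without the github: scheme, plus an optional /ref
NIXPKGS_RE = re.compile(r'^(?:github:)?nixos/nixpkgs(?:/([^?#]+))?', re.IGNORECASE)
# the same ref given as a query parameter: github:NixOS/nixpkgs?ref=22.05
QUERY_REF_RE = re.compile(r'[?&]ref=([^&#]+)')
# Assumption: release tags have the bare YY.MM form shown in the issue.
RELEASE_TAG_RE = re.compile(r'^\d{2}\.\d{2}$')

# Constructed sample input, not taken from any real project.
SAMPLE_FLAKE = '''\
{
  inputs.nixpkgs.url = "NixOS/nixpkgs/22.05";
  inputs.pinned.url = "github:NixOS/nixpkgs/22.05";
  inputs.stable.url = "github:NixOS/nixpkgs/nixos-22.05";
  inputs.unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
  inputs.other.url = "github:example/project/22.05";
}
'''


def check_flake(text):
    """Return (line, url, suggested_ref) for nixpkgs inputs pinned to a release tag."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip commented-out inputs
            continue
        for url in URL_RE.findall(line):
            repo = NIXPKGS_RE.match(url)
            if not repo:
                continue  # not a nixpkgs input
            query = QUERY_REF_RE.search(url)
            ref = repo.group(1) or (query.group(1) if query else None)
            if ref and RELEASE_TAG_RE.match(ref):
                # The tag never moves; the nixos-YY.MM branch keeps receiving updates.
                findings.append((lineno, url, f"nixos-{ref}"))
    return findings


if __name__ == "__main__":
    for lineno, url, suggestion in check_flake(SAMPLE_FLAKE):
        print(f"line {lineno}: {url!r} is a fixed tag; consider ref {suggestion!r}")
```
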