|
4 | 4 |
|
5 | 5 | Nix tends to be several minor versions behind Go's official releases. |
6 | 6 |
|
7 | | -This posses chanllenges in two situations: |
| 7 | +This posses challenges in two situations: |
8 | 8 |
|
9 | | -1. When Go moves to a new majoer version |
| 9 | +1. When Go moves to a new major version |
10 | 10 | 1. When Go has a vulnerability on the current latest Nix version, fixed by a newer official release |
11 | 11 |
|
12 | | -For major versions it is usually fine to wait for Nix to have a major version compilation avaiable for devbox to use. This is because, no matter how early we may want to upgrade, many go tools we depend on, such as licence checking or linting or Kubernetes libraries such as `controller-runtime`, usually need some time to catch up with the major release anyways. By the time they support the new major version, there is usually a Nix compilation of the new Go release, at least in the unstable channel. |
| 12 | +For major versions it is usually fine to wait for Nix to have a major version compilation available for devbox to use. This is because, no matter how early we may want to upgrade, many go tools we depend on, such as license checking or linting or Kubernetes libraries such as `controller-runtime`, usually need some time to catch up with the major release anyways. By the time they support the new major version, there is usually a Nix compilation of the new Go release, at least in the unstable channel. |
13 | 13 |
|
14 | | -For minor versions, it can be more problematic. If the latest Nix available release is compromised, it mgiht take a few days or weeks for the new version to become available in Nix. On the other hand, Go only marks a vulnerable release after releasing the fixed version. |
| 14 | +For minor versions, it can be more problematic. If the latest Nix available release is compromised, it might take a few days or weeks for the new version to become available in Nix. On the other hand, Go only marks a vulnerable release after releasing the fixed version. |
15 | 15 |
|
16 | | -In other words, we need to be able to move to the latest Go release as needed, specially to avoid vulvnerabilities within the same major version. |
| 16 | +In other words, we need to be able to move to the latest Go release as needed, specially to avoid vulnerabilities within the same major version. |
17 | 17 |
|
18 | 18 | ## How |
19 | 19 |
|
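Review bot: the corrected line 7 still reads "This posses challenges"; the verb intended is "poses", so the typo fix on that line is incomplete. While this pass is touching the same paragraphs, line 16 has "specially" where "especially" is meant, and line 12 writes "go tools" in lowercase although the rest of the text capitalizes Go. Suggest folding these into the same commit so the section does not need a second typo pass.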
@@ -43,10 +43,10 @@ Make sure to use the correct architecture filename download to grab its correspo |
43 | 43 |
|
44 | 44 | ## Testing |
45 | 45 |
|
46 | | -Using `devbox shell` normally would already grab and build the flake, as referenced by devbox.json entry `"path:./flakes/go": {}`. Still if you want to test the flake buil in isolation you can run (in this directory): |
| 46 | +Using `devbox shell` normally would already grab and build the flake, as referenced by devbox.json entry `"path:./flakes/go": {}`. Still if you want to test the flake build in isolation you can run (in this directory): |
47 | 47 |
|
48 | 48 | ``shell |
49 | 49 | nix build . |
50 | 50 | ``` |
51 | 51 |
|
52 | | -On success a `result` entry in teh directory soft links to the built flake. |
| 52 | +On success a `result` entry in the directory soft links to the built flake. |
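Review bot: the code fence at line 48 opens with two backticks (``shell) but closes with three at line 50, so the `nix build .` block will not render as a fenced block; it is unchanged context here, but it belongs in this typo fix. Line 46 would also read better with a comma after "Still" ("Still, if you want to test the flake build in isolation").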