NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1

Docs: add explanation of why `cacert` should also be upgraded when upgrading a multi-user installation of nix #10940

Open hab25 opened 1 week ago

hab25 commented 1 week ago

Problem

See https://github.com/NixOS/nix/blob/1c131ec2b71fa7ad6fd285ed2a9fcc4cf616b3a6/doc/manual/src/installation/upgrading.md?plain=1#L19C1-L27C1 .

It is unclear why one should upgrade cacert when upgrading nix (this follows from the lack of clarity about what the consequences of installing cacert are).

Proposal

Explain why, perhaps by explaining the disadvantages of not upgrading it alongside nix.

Note

I have traced the commit that introduced such a recommendation to https://github.com/NixOS/nix/pull/3581/commits/446649e5403f9c41601eee6438eaeed5212b9190 .

My hypothesis is that installing or upgrading cacert on, e.g., Ubuntu in fact has no special consequence and thus this recommendation should be removed or be further specified such that, e.g., Ubuntu users understand they need not follow it. This hypothesis is based on me checking my shell's environment variables in Pop!_OS 22.04 with a nix multi-user official installation and noting that, even with cacert in my user profile, NIX_SSL_CERT_FILE nonetheless points to /etc/ssl/certs/ca-certificates.crt (this path is managed by the distro and not by nix), and that SSL_CERT_FILE is unset.

Checklist

Priorities

Add :+1: to issues you find important.
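
The check described in the post above (which CA bundle the two variables actually resolve to), as an added example that is not part of the original issue or of the Nix project's code. It assumes the default store location `/nix/store`; `STORE_PREFIX` and the function names are hypothetical names used only in this example.

```shell
#!/bin/sh
# Added example: report whether the CA bundle a shell would trust is served
# from the Nix store (e.g. a cacert package in a profile) or from elsewhere.
# Assumption: the store is at /nix/store unless STORE_PREFIX overrides it.
: "${STORE_PREFIX:=/nix/store}"

# Follow symlinks so a profile path reveals its real target.
resolve_path() {
    if command -v realpath >/dev/null 2>&1; then
        realpath -- "$1" 2>/dev/null || printf '%s\n' "$1"
    else
        readlink -f -- "$1" 2>/dev/null || printf '%s\n' "$1"
    fi
}

# classify_bundle PATH
# Prints one of: unset, missing, nix-store, outside-store
classify_bundle() {
    path=${1-}
    [ -n "$path" ] || { echo unset; return 0; }
    [ -e "$path" ] || { echo missing; return 0; }   # also catches dangling links
    case "$(resolve_path "$path")" in
        "$STORE_PREFIX"/*) echo nix-store ;;
        *)                 echo outside-store ;;
    esac
}

# Print one line per variable named in the issue.
report_ca_bundles() {
    for var in NIX_SSL_CERT_FILE SSL_CERT_FILE; do
        eval "val=\${$var-}"
        printf '%s=%s (%s)\n' "$var" "${val:-<unset>}" "$(classify_bundle "$val")"
    done
}

report_ca_bundles
```

A result of `outside-store` for `NIX_SSL_CERT_FILE` matches the situation the post reports, where the variable points at a bundle that Nix does not manage.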