It is unclear why one should upgrade cacert when upgrading nix (this follows from the lack of clarity about what the consequences of installing cacert are).
Proposal
Explain why, perhaps by explaining the disadvantages of not upgrading it alongside nix.
My hypothesis is that installing or upgrading cacert on , e.g., Ubuntu in fact has no special consequence and thus this recommendation should be removed or be further specified such that, e.g., Ubuntu users understand they need not follow it. This hypothesis is based on me checking my shell's environment variables in Pop!_OS 22.04 with a nix multi-user official installation and noting that, even with cacert in my user profile, NIX_SSL_CERT_FILE nonetheless points to /etc/ssl/certs/ca-certificates.crt (this path is managed by the distro and not by nix), and that SSL_CERT_FILE is unset.
Problem
See https://github.com/NixOS/nix/blob/1c131ec2b71fa7ad6fd285ed2a9fcc4cf616b3a6/doc/manual/src/installation/upgrading.md?plain=1#L19C1-L27C1 .
It is unclear why one should upgrade
cacert
when upgradingnix
(this follows from the lack of clarity about what the consequences of installingcacert
are).Proposal
Explain why, perhaps by explaining the disadvantages of not upgrading it alongside
nix
.Note
I have traced the commit that introduced such a recommendation to https://github.com/NixOS/nix/pull/3581/commits/446649e5403f9c41601eee6438eaeed5212b9190 .
My hypothesis is that installing or upgrading
cacert
on , e.g., Ubuntu in fact has no special consequence and thus this recommendation should be removed or be further specified such that, e.g., Ubuntu users understand they need not follow it. This hypothesis is based on me checking my shell's environment variables in Pop!_OS 22.04 with anix
multi-user official installation and noting that, even withcacert
in my user profile,NIX_SSL_CERT_FILE
nonetheless points to/etc/ssl/certs/ca-certificates.crt
(this path is managed by the distro and not bynix
), and thatSSL_CERT_FILE
is unset.Checklist
Priorities
Add :+1: to issues you find important.