I meant that as a reply to the second paragraph, which generalised anarchism, including the non-Linux world.
I also disagree that this isn’t an issue in the broader Linux community however. See for example the loud minority with an irrational hate against quite obviously good software projects like systemd who got those ideas from charlatans or “experts”.
You gave them an irrevocable license to basically use your content in any way they see fit. Them not showing posts you deleted is just them being nice, not being obligated to do so. They could simply ignore your request or restore posts later.
You should have thought about that when you gave them that license to your content.
I was worried about possibly needing to change license.
I’d rather ask the contributors to consent to licensing their code under the new license. You don’t need the copyright in the hand of one entity to change license, it’s enough if all copyright holders agree.
The situation is made seemingly complicated by the possible need to use copylefted images
WDYM by “images”?
As in art assets? I’m not sure those would even be infectious. I think it’s possible to even use non-free assets in a GPL’d application. It may be better to treat them as such to keep the licensing simple though.
Even then, it’s usually possible to “upgrade” permissively licensed code (such as Apache 2.0) to a copyleft license as long as the original license’s conditions are still met, which usually involves denoting which parts of the code are also available under the permissive license.
Why does it need to be public-facing? There may be solutions that don’t require exposing it to billions of people.
Security is always about layers. The more independent layers there are, the fewer the chances someone will break through all of them. There is no one technology that will make your hosting reasonably secure, it’s the combination of multiple.
You’ve already mentioned software run inside an unprivileged sandbox.
There’s also:
Sandbox run unprivileged inside a VM
VM run inside an unprivileged sandbox
Firewall only allowing applications to open certain ports
Server running all of that hosted by someone else on their network with their own abstractions
There’s the WIP NixOS-based SnowflakeOS that aims to make NixOS approachable for mere mortals but that’s still declarative configuration and of course still NixOS under the hood.
There’s a bunch of immutable distros out there that use OSTree or some other imperatively managed snapshotting mechanism such as Fedora Silverblue or VanillaOS.
While that is true, it’s also r13y on another level: Reproducible evaluation. That mostly stems from pure eval and locking.
In the “before times”, you’d get your Nix expressions from some mutable location in the Nix path, so running e.g. a nixos-rebuild on your configuration could produce two different eval results when run at two different times, depending on whether anything about your channel configuration changed in the meantime. This cannot happen with flakes as all inputs are explicitly given and locked.
You could achieve the same using niv etc. before but that had its own issues.
This is a lot to take in; it’s basically an overview of all the interesting features of Nix. When starting out, you don’t need this kind of in-depth knowledge. I personally gathered most of what was covered here in over 6-12 months of using it and I did just fine.
It might still not be for you but don’t take this as the reference point.