Nix and NixOS
Paul Meyer
Go in the Nix ecosystem: vulnerability scanning and experiments towards a next-gen builder
Saturday 12:15-12:35 | K.3.601
The talk first looks at how Go code is currently packaged in nixpkgs using buildGoModule, then points out the disadvantages of that approach, with a focus on security (backed by data from the govulncheck-nixpkgs project) and performance. Out-of-tree alternatives are presented, with a focus on the new and promising approach of gobuild.nix, which implements a hook-based builder with module-level caching.