Nix does dependency management well. Doesn't do version management.
Upstream package upgrade is coupled to downstream package upgrade.
Triggering mass rebuilds and a long stream of downstream breakage[1].
Requiring upgrades to happen in a blocking batch[2].
Affecting all ecosystems[3], the larger the worse.
Upstream package upgrade should be decoupled from downstream package upgrade.
To decouple, the upgrade process will shift from global to local, requiring each package to have its lock of dependencies.
Downstream breakage would trigger the lock of dependency to last working version.
Outdated packages/dependencies duplicate dependencies until upgrade (duplicated > broken).
Only latest version and depended versions would be built/cached.
Some version management abstraction has to be defined to enable this.
A simple one might cut it. Maybe package_name.${version}? Needs prototyping.
Thoughts? Let me know. Thanks!