Simon Tournier
@zimoun@social.sciences.re  ·  activity timestamp yesterday

The politics of language design by Pierre-Étienne Meunier in #LixCon2026

« Fake supply chain security, even worse than no supply chain security at all? »

…Yeah:

1. The builds aren’t guaranteed reproducible by design; I mean, it’s exactly the same as Debian, etc. About Nix, I don’t know the details; please read Nix expert @luj’s blog post: https://luj.fr/blog/is-nixos-truly-reproducible.html

About Guix, it’s currently poorly monitored, to my knowledge.

3/6

Simon Tournier
@zimoun@social.sciences.re replied  ·  activity timestamp yesterday

The politics of language design by Pierre-Étienne Meunier in #LixCon2026

« Fake supply chain security, even worse than no supply chain security at all? »

…Yeah:

2. Guix/Nix packages stuff: it means it provides tooling for auditing and verifying if the binary matches the identified source; and for the whole chain of dependencies. But there is no guarantee it’s fully error-free – we’re able to point to where the error, if any, comes from. It’s already a lot!

Guix is like the Indian Dabbawala service using “barcodes” everywhere. It doesn’t prevent stories like The Lunchbox. 😉

https://en.wikipedia.org/wiki/Dabbawala
https://en.wikipedia.org/wiki/The_Lunchbox
4/6
