It’s been a long time since the last time I read from ambrevar’s blog. Forgot how interesting his articles are
Reproducible builds and bootstrap ability is an undertaking by many distributions, not only GNU Guix. Debian is a big actor in this field.
Yes but guix goes further in this field, for example with the guix challenge subcommand which enables to compare build hashes against various build farms. guix also does outstanding R&D around bootstrappability which is key to defeating trusting trust attack. guix also enforces PGP signatures on all source recipes, and provides an easy-to-use guix git-authenticate command to validate the entire history of a repo from a given commit.
These three points are what makes guix apart from all other distros (so far) in terms of secure/reproducible software.
