Joined 5 years ago
Cake day: June 10th, 2020

  • I think it’s worth the effort since it prevents numerous risks at the root; for sure it’s not enough. I agree that bootstrapping wouldn’t necessarily solve the XZ attack, but I think that should be solved by big tech paying FOSS maintainers enough, or at all, to prevent them from burning out.

    About the BSD experience, that looks like a big amount of work but definitely worth it. I’m sure they didn’t ship as many packages as Guix ships, but I guess the projects have different goals and requirements.



  • I find Guix far better on almost every remark, in no particular order:

    • as you said some part of the Nix community is made of techbros (even if Guix attracts some fossbros as well)
    • the way governance is structured in the Nix community is brittle, just see the drama from which all the new Nix forks spawned
    • better documentation. The doc for Nix is scattered, the Guix manual, albeit not perfect, is much more complete
    • the Guile language is far clearer than Nix, also you don’t have to use it only for package recipes, you can build full applications with it
    • the Guix story around trustability of binaries is far better (check out how Guix bootstraps everything); entire classes of vulnerabilities are prevented by design
    • the Guix UX is far better designed imho, the command line is intuitive and well documented and features are easily composable
    • the community is not diverging, as is the case for Nix flakes
    • Guix as well provides OCI integration, check out the point about enabling gocix