Re: Update on distro bootstrapping with Guix

[Simon Josefsson]

address@hidden (Ludovic Courtès) writes:

> All in all, from experience with NixOS, while security upgrades are more
> demanding on Nix-based systems, they are not much of an issue in
> practice.

Thanks for explaining.  However I don't see how a locally built binary
would fit into this?  They would either be insecure or not work after an
OS upgrade, wouldn't they?  Since they refer to libraries in paths that
no longer exists.  Or am I missing something?

Does guix have some mechanism to handle a set of installed packages and
their versions?  I'm thinking that you'd might want to lock down the
system to match a particular suite of tested software combinations, but
receive security upgrades for those packages, but not receive other
upgrades and certainly not receive the latest version of every package.
This would match how normal OS releases work.  The important thing is
that the set of installed packages should come from some server
somewhere, manually selected by the contributors to the project, and
that the list can be modified over time and updated automatically by
machines.

On the feasibility side, I would have higher hopes for something that
were able to re-use the work that has gone into dpkg/rpm packaging
because that would re-use of existing packages, to get a usable system
rapidly.  Maintaining build descriptions for those 20.000+ free software
packages out there is a huge amount of work.  Personally, I'd be happy
to use something based on Debian/Ubuntu but profiled for GNU [1].  But I
support all work that leads to more technically interesting GNU-free
OSes.

/Simon

[1] I know about gNewSense but there are no releases in several years...