[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NPM and trusted binaries

From: Pjotr Prins
Subject: NPM and trusted binaries
Date: Tue, 6 Sep 2016 18:50:48 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

On Tue, Sep 06, 2016 at 11:48:04AM -0400, Thompson, David wrote:
> On Sun, Sep 4, 2016 at 10:11 AM, Jan Nieuwenhuizen <address@hidden> wrote:
> >    * add --binary option to importer, sets (arguments (#:binary? #t))
> This violates a core principle of Guix: reproducible builds.  I don't
> support patches that encourage using pre-built binaries.

In principle I agree. We want to be able to read the code.

Still, I think Guix would benefit from a somewhat more relaxed stance
in this. Especially where it comes to cross-platform binary
deployments we could be accelerate things now and then - and maybe
work on source deployment later. I am thinking of Erlang Beam and the
JVM mostly. If binaries are *trusted* we could do that. Point of note,
we distribute *trusted* binaries already. Who builds those?

I am becoming increasingly of the opinion that Guix can be a 'small'
core of rock solid software and we should provide mechanisms to wave
out in other maybe less controlled directions. Whether it is in source
or in binary form.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]