Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Nix doesn't require everything to be built from source, sure, but everything downloaded must match a provided hash. What's the difference between downloading source code and binaries at that point?


It's easier to audit source code than binaries, and easier to audit it once than once for each architecture.


Auditing is irrelevant to whether or not it's reproducable, which was the question here.

You also forgo any improvements to compiler improvements




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: