1. 21
  1.  

  2. 6

    I’ll be trying it out, I always liked the idea, but the package quality was often lacking. Would be interested to see if that has improved.

    Speaking of which, our Debian ambassador told us that you will soon be able to apt install guix if you’re on Debian or a derivative distro!

    That’s great to hear, hope other distros will follow too! I wonder if installing something like Guix on multi-user systems (a corp, uni, etc.) would make administration easier or harder?

    1. 0

      hope other distros will follow too

      I don’t really think that makes sense; guix was designed from the ground up as a userspace package manager that can work in isolation from the rest of the system; apt and yum don’t have that property. They assume they own the entire system.

      1. 6

        hope other distros will follow too

        I don’t really think that makes sense; guix was designed from the ground up as a userspace package manager that can work in isolation from the rest of the system; apt and yum don’t have that property. They assume they own the entire system.

        Are you reading “hope other distros will follow too” as, “I hope other distros will package their native package managers so they can be installed on debian”, rather than, “I hope other distros will also have guix installable via their native package managers”?

        1. 3

          Oh haha, yes. That’s probably not what was intended, huh? Makes a lot more sense now!

        2. 2

          I don’t get what the problem is? I’ve installed Guix on a Debian system for packages that aren’t listed in the repositories, and it worked just fine, even if apt (nor guix for that matter) had to know about the other.

      2. 2

        Coupled to that, guix pull and guix system reconfigure now detect potential system downgrades or Guix downgrades and raise an error. This ensures you cannot be tricked into downgrading the software in your system, which could potentially reintroduce exploitable vulnerabilities in the software you run.

        I understand the benefits of authenticated channels in Guix, but isn’t downgrading sometimes desirable, for example “someone pushed a broken lib, I’ll just go back while it’s fixed”? Am I misunderstanding, and maybe there’s the option to do so anyway?

        1. 2

          I don’t use guix but I read it as if it’s just a warning, not an inability to do it.