Y
Hacker News
new
|
ask
|
show
|
jobs
by
3836293648
723 days ago
Nix doesn't require everything to be built from source, sure, but everything downloaded must match a provided hash. What's the difference between downloading source code and binaries at that point?
1 comments
ryukafalz
722 days ago
It's easier to audit source code than binaries, and easier to audit it once than once for each architecture.
link
3836293648
722 days ago
Auditing is irrelevant to whether or not it's reproducable, which was the question here.
You also forgo any improvements to compiler improvements
link