Hi!

Guix gives lots of guarantees locally: packages can be --check'ed,
profiles are reproducible, etc.

I am wondering whether Guix can still provide more guarantees than
non-functional package managers / OS when running on a remote machine
(controlled by an non-trusted third-party) with, say, SSH root access.

For instance, can we somehow have the guarantee that the remote machine
is the Guix we installed and hasn't been tampered with?

I'm not sure whether I'm asking something trivial or not.  If the
latter, I'd be happy to read more literature about it.

What do you people know on the topic?

-- 
Pierre Neidhardt
https://ambrevar.xyz/