From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pjotr Prins Subject: NPM and trusted binaries Date: Tue, 6 Sep 2016 18:50:48 +0200 Message-ID: <20160906165048.GC18454@thebird.nl> References: <87shtiz8f7.fsf@gnu.org> <877farzrdl.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:36780) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bhJb0-0001TI-SS for guix-devel@gnu.org; Tue, 06 Sep 2016 12:51:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bhJav-0007nB-R6 for guix-devel@gnu.org; Tue, 06 Sep 2016 12:51:37 -0400 Content-Disposition: inline In-Reply-To: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: "Thompson, David" Cc: guix-devel On Tue, Sep 06, 2016 at 11:48:04AM -0400, Thompson, David wrote: > On Sun, Sep 4, 2016 at 10:11 AM, Jan Nieuwenhuizen wrote: > > > * add --binary option to importer, sets (arguments (#:binary? #t)) > > This violates a core principle of Guix: reproducible builds. I don't > support patches that encourage using pre-built binaries. In principle I agree. We want to be able to read the code. Still, I think Guix would benefit from a somewhat more relaxed stance in this. Especially where it comes to cross-platform binary deployments we could be accelerate things now and then - and maybe work on source deployment later. I am thinking of Erlang Beam and the JVM mostly. If binaries are *trusted* we could do that. Point of note, we distribute *trusted* binaries already. Who builds those? I am becoming increasingly of the opinion that Guix can be a 'small' core of rock solid software and we should provide mechanisms to wave out in other maybe less controlled directions. Whether it is in source or in binary form. Pj.