I really like the idea of open source software and use it as much as possible.
But another “problem” is that you don’t know if the compiled program you use is actually based on the open source code or if the developer merged it with some shady code no one knows about. Sure, you can compile by yourself. But who does that 😉?
But another “problem” is that you don’t know if the compiled program you use is actually based on the open source code or if the developer merged it with some shady code no one knows about.
Actually, there is a Debian project working on exactly that problem, called reproducible builds
yes and others are working on it, also! i believe some android folks are (f-droid iirc), and i’ve heard about it elsewhere. this stuff is super nerdy (so therefore cool to nerds such as myself). before the internet existed it would be so hard to even imagine the need for this sort of thing!
You can check it using the checksum. But who does that?
In all seriousness I am running NixOS right now using flakes. The package manager compiles everything unless a trusted source already has it compiled, in which case the package manager checks the checksum to ensure you still get the same result and downloads that instead. It also aims to be fully reproducible and with flakes it automatically pins all dependency versions so next time you build your configurations, you get the same result. It is all really cool, but I still don’t understand everything and I’m still learning it.
I love NixOS but I really wish it had some form of containerization by default for all packages like flatpak and I didn’t have to monkey with the config to install a package/change a setting. Other than that it is literally the perfect distro, every bit of my os config can be duplicated from a single git repo.
I really like the idea of open source software and use it as much as possible.
But another “problem” is that you don’t know if the compiled program you use is actually based on the open source code or if the developer merged it with some shady code no one knows about. Sure, you can compile by yourself. But who does that 😉?
Actually, there is a Debian project working on exactly that problem, called reproducible builds
https://wiki.debian.org/ReproducibleBuilds
yes and others are working on it, also! i believe some android folks are (f-droid iirc), and i’ve heard about it elsewhere. this stuff is super nerdy (so therefore cool to nerds such as myself). before the internet existed it would be so hard to even imagine the need for this sort of thing!
You can check it using the checksum. But who does that?
In all seriousness I am running NixOS right now using flakes. The package manager compiles everything unless a trusted source already has it compiled, in which case the package manager checks the checksum to ensure you still get the same result and downloads that instead. It also aims to be fully reproducible and with flakes it automatically pins all dependency versions so next time you build your configurations, you get the same result. It is all really cool, but I still don’t understand everything and I’m still learning it.
Based NixOS user
I love NixOS but I really wish it had some form of containerization by default for all packages like flatpak and I didn’t have to monkey with the config to install a package/change a setting. Other than that it is literally the perfect distro, every bit of my os config can be duplicated from a single git repo.
deleted by creator