Post Av1d68dH4FJYuHiBH6 by alwayscurious@infosec.exchange
 (DIR) More posts by alwayscurious@infosec.exchange
 (DIR) Post #Av1d67spquASaFz5tI by alwayscurious@infosec.exchange
       0 likes, 0 repeats
       
       I would absolutely love to see something like this:Based on Nix or similar.Fully declarative.Building and execution is fully sandboxed, ideally using micro-VMs.Accessible GUI for end-users to use.Signing of both build inputs and outputs.Multiple binary caches that cross-check each other to ensure that if one of them produces a wrong output, it is detected.Does not require root privileges to install software.
       
 (DIR) Post #Av1d68dH4FJYuHiBH6 by alwayscurious@infosec.exchange
       0 likes, 0 repeats
       
       paging @ireneista because this came out of our recent conversation as an idea to get the benefits of containerization (works the same everywhere, sandboxing, no package conflicts, fixes can be pushed out quickly) without the loss of review that e.g. Flathub encourages.
       
 (DIR) Post #Av1d68dd2vb8vNsSpM by alwayscurious@infosec.exchange
       0 likes, 0 repeats
       
       also paging @qyliss because this seems a lot like what one gets if one smashes Spectrum together with Nix and Qubes Builder v2.