Unlike nix, stagex is reproduced and signed by multiple independent parties, avoiding centralized trust in any single person or computer. It is also full source bootstrapped, 100% reproducible (nix is not quite there yet), container native, and toolchain agnostic (since you can use any OCI toolchain you want: docker, podman, kaniko, etc.).
This has some tradeoffs though. Nix has more of a Wikipedia-style approach to contributions where anyone can add almost anything with minimal accountability or friction. This approach positions them as more of a hobby distribution not designed for high security use cases.
On the positive side, this tradeoff means nix has a -huge- number of packages, and -most- things are reproducible, which makes it a fantastic reference for distros with more strict requirements like stagex.
Thanks! This is what I hoped you'd say - wish I had this six months ago when I was building reproducible tooling for our factory in China to flash embedded devices with firmware.
lrvick|1 year ago
beebaween|1 year ago