On Sun, 26 Sep 2021 05:08:32 -0500 quil...@riseup.net wrote:

> Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org> writes:
>
> >> How is the ReactOS package manager different from package managers
> >> on unix-like systems?
> > If I recall well, at the time they didn't host the software that was
> > available in their package manager at all.
> >
> > Their "package manager" was merely a tool to download software from
> > various URLs and execute their installers. However the interface was
> > quite similar to existing graphical package manager frontends.
> >
> > The technical advantage of implementing in this way is that it
> > requires way less work.
>
> Oh! So it was similar to what Guix is? Guix also downloads the
> software from various non-Guix URLs, if the package you want to
> install does not have a compiled version. And if it has a compiled
> version hosted in Guix servers, there are so many factors in the
> compilation that it is impossible to audit for freedom in a rigorous
> way for every package.
>

It is possible with Guix because Guix packages are reproducible. The hash of the source code is contained in the package definition. If it does not match, Guix will refuse to install it. It is possible to check whether a locally built version is the same as a substitute with 'guix challenge'.
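
An added example, not part of the original message and not Guix's own code: a simplified Python model of the two checks described in the reply above, a source hash pinned in the package definition and a comparison of a local build against a substitute. The function names and sample bytes are constructed, and where `guix challenge` compares hashes of serialized store items, this model hashes raw bytes.

```python
import hashlib

# Alphabet of the nix-base32 encoding Guix uses for hashes (no e, o, t, u).
ALPHABET = "0123456789abcdfghijklmnpqrsvwxyz"


def nix_base32(digest: bytes) -> str:
    """Encode a digest in the base32 form found in package definitions."""
    out = []
    # Characters are emitted from the most significant 5-bit group down.
    for n in range((len(digest) * 8 - 1) // 5, -1, -1):
        i, j = divmod(n * 5, 8)
        c = digest[i] >> j
        if i + 1 < len(digest):
            c |= digest[i + 1] << (8 - j)
        out.append(ALPHABET[c & 0x1F])
    return "".join(out)


class HashMismatch(Exception):
    """The downloaded source is not the one the package definition names."""


def verify_source(data: bytes, pinned: str) -> bytes:
    """Return the data only if its SHA-256 matches the pinned hash."""
    actual = nix_base32(hashlib.sha256(data).digest())
    if actual != pinned:
        raise HashMismatch(f"expected {pinned}, got {actual}")
    return data


def challenge(local_build: bytes, substitute: bytes) -> bool:
    """True when a local build and a downloaded substitute are bit-identical."""
    return hashlib.sha256(local_build).digest() == hashlib.sha256(substitute).digest()


# Constructed sample data: the tarball the packager hashed, and a modified copy.
GENUINE = b"constructed source tarball, version 1.0\n"
TAMPERED = GENUINE + b"extra line added by a mirror\n"
PINNED = nix_base32(hashlib.sha256(GENUINE).digest())  # value stored in the definition

if __name__ == "__main__":
    verify_source(GENUINE, PINNED)
    print("genuine source accepted")
    try:
        verify_source(TAMPERED, PINNED)
    except HashMismatch as err:
        print("tampered source refused:", err)
    print("substitute matches local build:", challenge(GENUINE, GENUINE))
```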