Hello Guixen (Guixers? Guix-noscenti?) The sys admin at my institute expresses concern that we would potentially expose ourselves to additional security risk by building scientific software stack in Guix where we might depend on alternate versions of, say, openssl.
Do you agree this is a reasonable concern, and, if so, is there a "position statement" on the matter? I'm guessing this is in part a matter of trust - i.e. do we trust GNU/guix gang as much as, say the Red Hat/CentOS gang. Or am I perhaps misunderstanding the consideration? I'd be interested in hearing any position on the matter. Thanks for your consideration, Malcolm Cook Computational Biology Stowers Institute for Medical Research
