• @[email protected]
    105 months ago

    Most of the reason to build your own packages is a form of runtime assurance - to know what your computer is running is 100% what you intend.

    At least as a guix user that’s what I tell myself.

    • @[email protected]
      145 months ago

      Compiling your own packages only ensures that, well, you’re running packages that you compiled. This definitely does not mean that your computer is running what you intend at all.

      Half the time I don’t know what my CPU is executing, and that’s code that I wrote myself.

      • @[email protected]
        45 months ago

        This definitely does not mean that your computer is running what you intend at all.

        This is true of all programming

        • @[email protected]
          35 months ago

          I like to imagine that the early heroes who programmed in punch cards and basically raw machine code knew exactly what the computer was running, but who knows…

    • @[email protected]
      45 months ago

      Do you audit all the code before compiling? Otherwise you’re just transferring your trust elsewhere.

      • @[email protected]
        15 months ago

        This is my experience playing with FreeBSD.

        “These ports are cool, I can compile all the software from source so I know exactly what I’m getting!”

        [This software has 100 dependencies]

        “Well I’m not reading all that, I’ll just click Yes for all”