yjftsjthsd-h 20 hours ago

> PS. I fear that Debian main may have already gone into a state where it is not able to rebuild itself at all anymore: the presence and assumption of non-free firmware and non-Debian signed binaries may have already corrupted the ability for Debian main to rebuild itself. To be able to complete the idempotent and bootstrapped rebuild of Debian, this needs to be worked out.

Are any nonfree packages used as build inputs? If not, just ("just") bootstrap Guix on a blobless platform, and cross-build Debian from that.

lrvick 12 hours ago

As an alternative to Guix with a much more strict supply chain security policy, consider: https://stagex.tools/

  • yjftsjthsd-h 3 hours ago

    Thanks, that's really cool. Have you used this? Does it work well and are there pain points to look out for? A necessarily hosted system strikes me as not exactly covering a full Trusting Trust situation (because the host can compromise it) but it otherwise looks really solid at a glance.