A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
  • Jason2357@lemmy.caEnglish
    1·
    4 hours ago

    Thats like nix packager, right? Looks interesting to layer on top. Says they are all reproducible builds which is nice.

    • HaraldvonBlauzahn@feddit.orgEnglish
      1·
      2 hours ago

      Yes, Guix is initially a clone of Nix and has still remains of shared code (the build daemon).

      Differences:

      • Guix packages are defined in a Scheme dialect called Guile, a nice minimal functional language
      • Guix was created as a GNU project and stresses the importance of free software with strong copyleft
      • everything is built from source
      • very good and well organized documentation