Hello Guix!

I and others are often disappointed (or angry!) when looking at the weaknesses of the most popular software deployment tools. I felt that acutely after packaging PyTorch last month and felt the need to look more closely at what others are doing and to document our motivation, having put so much sweat in all these packages:

  https://hpc.guix.info/blog/2021/09/whats-in-a-package/

It’s probably no news to people here, but the packaging approach has a direct impact on verifiability, and thus on security and transparency, as expected from a scientific process. The idea is to explain all that looking at the contents of packages, in particular for pip and CONDA.

Feel free to share with non-Guix people and to comment!

Ludo’.