@alwayscurious@infosec.exchange
I would absolutely love to see something like this:
Based on Nix or similar.
Fully declarative.
Building and execution is fully sandboxed, ideally using micro-VMs.
Accessible GUI for end-users to use.
Signing of both build inputs and outputs.
Multiple binary caches that cross-check each other to ensure that if one of them produces a wrong output, it is detected.
Does not require root privileges to install software.