David Thompson

David Thompson at

Guix verifies sources by SHA256 and Nix does this now, too.

The lack of signed archives is a known problem that is being worked on.  See https://lists.gnu.org/archive/html/guix-devel/2014-01/msg00064.html

I got this information from Ludovic Courtès, the maintainer of Guix.  Hope I helped clear things up a bit. :)

joeyh, Mike Linksvayer likes this.