Guix verifies sources by SHA256 and Nix does this now, too.
The lack of signed archives is a known problem that is being worked on. See https://lists.gnu.org/archive/html/guix-devel/2014-01/msg00064.html
I got this information from Ludovic Courtès, the maintainer of Guix. Hope I helped clear things up a bit. :)
The lack of signed archives is a known problem that is being worked on. See https://lists.gnu.org/archive/html/guix-devel/2014-01/msg00064.html
I got this information from Ludovic Courtès, the maintainer of Guix. Hope I helped clear things up a bit. :)
joeyh, Mike Linksvayer likes this.