Guix or any rewrite as a library in a well-developed language
The fundamental difference with Guix is that evaluation (what they call "host code" -- everything that happens BEFORE the .drv is written) is wildly impure.
Guile code can access the network, write to the filesystem, heck, it can even pull bytes from /dev/random. It can delete your home directory or email your SSH private keys to Zimbabwe.
The Nix language, by contrast, is incredibly restricted in order to make evaluation a deterministic function of the .nix source code you give it, things whose cryptographic hash is in the .nix source code, and nothing else. There is an --impure flag which lets it read from (but not write to) the filesystem, but nixpkgs does not use that.
That is a pretty big rift that I find myself unable to cross. I can eval Nix code from any random bozo on the interwebs without having to trust them. If I trust the Nix sandbox (which I mostly do) I can even build the resulting drv. I can be sure that evaluating that Nix code will produce exactly the same drv two years from now that it did today. Guix doesn't offer those things. Because Scheme. I'm sorry, but Scheme just isn't the right language for this; it's too powerful.