I don't think it's fair enough. Look for example at their quoted source: https://reproducible.nixos.org/nixos-iso-minimal-r13y/ -- the way nix works allows for a mechanism to (almost*) check the reproducibility of the system, and it can show how reproducible it is for a complete build (99%).
In contrast, other distros like Debian have to rely on fuzzing to estimate this percent. Quoting from the FAQ:
> We don't currently inject randomness at the filesystem layer, but many of the reproducibility issues are being exercised already. It isn't possible to guarantee a package is reproducible, just like it isn't possible to prove software is bug-free. It is possible there is nondeterminism in a package source, waiting for some specific circumstance.
- Look at the text below the headers "Explaining RSA Cryptography" and "Explaining RSA Cryptography with JavaScript". Both paragraphs start with the exact same text. I believe there are far more chances that this was generated by a machine rather than a human.
- Look at the math! There is a code block where it says "scssCopy" -- the "Copy" is generally garbage from machine generated text+code snippets.
- The code has a missing function, `lcm`. Author has forgotten to include it, which can be a human or machine error.
This kind of episode makes me wonder if I should continue posting, suggest that people filter everything through an LLM, or just resign to the botspamcallypse.
In contrast, other distros like Debian have to rely on fuzzing to estimate this percent. Quoting from the FAQ:
> We don't currently inject randomness at the filesystem layer, but many of the reproducibility issues are being exercised already. It isn't possible to guarantee a package is reproducible, just like it isn't possible to prove software is bug-free. It is possible there is nondeterminism in a package source, waiting for some specific circumstance.
reply