Mike Gerwitz writes:

> If a user is able to build from source

That's a question that I like to explore.

If a user builds an npm package from its source repository, I assume
that they install the devDependencies needed for that using npm?

The transitive closure of installing all devDependencies for the `q'
package by building them all from their source repositories means
building > 6000 packages.

> , shouldn't Guix be able to?

> And if neither can, how can we guarantee that the provided binary is
> even free and actually corresponds to the given source?

I would also like to explore if the source/binary package metaphor is
a valid one for npm.

For the packages that I considered, I used the `diff' command to assert
that the installable npm package includes JavaScript and C files and that
they are identical to the ones in the repository.

Greetings,
Jan

-- 
Jan Nieuwenhuizen <jann...@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar®  http://AvatarAcademy.nl  
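
One way to script the comparison described in the message above, as an added example that is not part of the original e-mail and not the commands Jan ran. The function names, the file extensions checked and the directory layout are assumptions, and the sample trees are constructed.

```shell
#!/bin/sh
# Added example: check that every JavaScript/C file shipped in an unpacked npm
# package is byte-identical to the file at the same path in the source checkout.
# Usage (paths are assumptions): compare_pkg_to_repo ./package ./repo-checkout

compare_pkg_to_repo() {
    pkg_dir=$1
    repo_dir=$2
    mismatch=0
    list=$(mktemp)
    # Collect the shipped source files, relative to the package root.
    (cd "$pkg_dir" && find . -type f \( -name '*.js' -o -name '*.c' -o -name '*.h' \) \
        | sed 's|^\./||' | sort) > "$list"
    while IFS= read -r rel; do
        if [ ! -f "$repo_dir/$rel" ]; then
            # Shipped but absent from the repository, e.g. produced by a build step.
            echo "MISSING $rel"
            mismatch=1
        elif ! diff -q "$pkg_dir/$rel" "$repo_dir/$rel" >/dev/null; then
            # Present in both places but the contents are not the same.
            echo "DIFFERS $rel"
            mismatch=1
        fi
    done < "$list"
    rm -f "$list"
    return $mismatch
}

# Constructed sample trees (not real packages) to exercise the check offline.
make_sample() {
    root=$1
    mkdir -p "$root/repo/lib" "$root/repo/src" \
             "$root/package/lib" "$root/package/src" "$root/package/dist"
    printf 'module.exports = 1;\n' > "$root/repo/lib/index.js"
    printf 'module.exports = 1;\n' > "$root/package/lib/index.js"
    printf 'int f(void) { return 0; }\n' > "$root/repo/src/addon.c"
    printf 'int f(void) { return 1; }\n' > "$root/package/src/addon.c"
    printf 'var a=1;\n' > "$root/package/dist/bundle.min.js"
}

# Demo on the constructed trees:
#   tmp=$(mktemp -d); make_sample "$tmp"
#   compare_pkg_to_repo "$tmp/package" "$tmp/repo"
```

A `MISSING` line marks a shipped file with no counterpart in the checkout, which is the case where the source/binary question from the thread applies to that file.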
