i may not understand this well enough, but with that in mind...
the nix crowd allows something that they call vendoring: they use the native
tools of the language ecosystem to fetch the transitive closure of the
dependencies, as specified by their own package management descriptions. then
they compute a hash on the entire directory, and record it in the leaf
package's definition. i think this vendoring dir/archive then even gets cached
by their substitute servers (for prosperity).
IIUC, this method is rejected by guix on principle.
if someone wants to test their mailing list search-fu, then there was a similar
discussion about golang in the past.
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“As children go, so go nations. It's that simple.”
— Carol Bellamy
