Building a secure software supply chain with GNU Guix

by dragonsh on 7/18/2022, 12:51 AM with 6 comments

by T3OU-736 on 7/18/2022, 1:42 PM

Nice project, and an important step in the right direction.

Can't help but think that the real tricky part comes after provenance is recorded.

What do you do with all of that - is there something enforcing an allowlist/denylist using the data?

How is it being kept updated with new builds and the CI/CD pipeline? All the builds or just with a certain other metadata? How do you handle exceptions? How do you handle devs experimenting?

How are the attestation signing keys being protected?

by mikedelago on 7/18/2022, 2:29 PM

I had tried to use Guix on one of my personal computers (instead of my usual, Arch Linux), but unfortunately since my knowledge of Guile Scheme was lacking, I had difficulties.

My pain points were essentially:

- The documentation was great from a reference standpoint, but unfortunately it was rough from an introductory point-of-view. I had great difficulty successfully setting up my own packages.

- Some tooling (such as asdf-vm[0]) didn't work, and it wasn't clear as to why. Note that this was something that I expected and was ready to work around as needed.

- While I understand and agree with most of the GNU mantra of free software, it was simply difficult and unwieldy to use my laptop since it required non-free software (including but not limited to WiFi drivers). There is a "nonguix" package repo which can fill this need, but many of their support channels/forums prohibit discussion of non-free software.

Going forward, I really like the idea of Guix. I think if I were to try it again, I'd use it as a package manager on an Arch System, and get comfortable with the more advanced administration tasks before I installed the standalone OS again.

[0] - https://asdf-vm.com/