Comment by yjftsjthsd-h
8 days ago
Thanks, that's really cool. Have you used this? Does it work well and are there pain points to look out for? A necessarily hosted system strikes me as not exactly covering a full Trusting Trust situation (because the host can compromise it) but it otherwise looks really solid at a glance.
I use it for all my projects at several orgs, with several languages. I am the founding engineer of the project so I am likely a bit biased on ideal developer UX though.
Just drop a Containerfile in your project with pinned hashes of all dependencies and you will likely get deterministic results of your own software basically for free.
Here are some standalone projects that are built deterministically with stagex:
- https://codeberg.org/stagex/repros
- https://git.distrust.co/public/airgap
- https://git.distrust.co/public/enclaveos
- https://github.com/tkhq/quorumos
- https://github.com/siderolabs/toolchain/blob/main/Pkgfile#L5...
- https://github.com/MystenLabs/sui/blob/main/docker/sui-node-...
- https://github.com/tkhq/tkcli/blob/main/src/Dockerfile
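
Added example, not part of the thread above and not stagex's own code: a small Python check that flags image references in a Containerfile that are not pinned by sha256 digest, which is the precondition the reply describes for deterministic builds. The sample Containerfile, registry name and digest are constructed placeholders, and the check covers image references only, not language-level dependencies.

```python
import re

# Constructed sample; registry.example and the digest are placeholders.
SAMPLE = """\
FROM registry.example/toolchain@sha256:{d1} AS build
FROM --platform=linux/amd64 registry.example/libs:1.2 AS libs
FROM build AS test
FROM scratch
COPY --from=registry.example/certs:latest /etc/ssl /etc/ssl
COPY --from=build /out/app /app
""".format(d1="a" * 64)

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def unpinned_images(containerfile: str) -> list[tuple[int, str]]:
    """Return (line_number, ref) for each external image not pinned by digest."""
    stages: set[str] = set()   # names of earlier build stages (local, not pulled)
    findings = []
    for lineno, raw in enumerate(containerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        instr, refs, new_stage = tokens[0].upper(), [], None
        if instr == "FROM":
            args = [t for t in tokens[1:] if not t.startswith("--")]
            refs = args[:1]
            if len(args) >= 3 and args[1].upper() == "AS":
                new_stage = args[2].lower()
        elif instr == "COPY":
            refs = [t.split("=", 1)[1] for t in tokens[1:]
                    if t.lower().startswith("--from=")]
        for ref in refs:
            # scratch, stage names and stage indexes are not pulled images.
            if ref == "scratch" or ref.lower() in stages or ref.isdigit():
                continue
            # Tags and ARG-substituted refs (e.g. ${BASE}) are mutable: flag them.
            if not DIGEST.search(ref):
                findings.append((lineno, ref))
        if new_stage:
            stages.add(new_stage)
    return findings


if __name__ == "__main__":
    for lineno, ref in unpinned_images(SAMPLE):
        print(f"line {lineno}: {ref} is not pinned by digest")
```
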