In response to the Snowden revelation that the CIA compromised Apple developers' build process, thus enabling the government to insert backdoors at compile time without developers realizing, Debian, the world's largest free software project, has embarked on a campaign to prevent just such attacks. Debian's solution? Reproducible builds.
Reproducible builds, as the name suggests, make it possible for others to reproduce the build process. "The idea is to get reasonable confidence that a given binary was indeed produced by the source," Lunar said. "We want anyone to be able to produce identical binaries from a given source."
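The check this makes possible, as an added example that is not Debian's own tooling: two independent builders hash their output, and a mismatch after normalization points to a changed input. The tar archive stands in for a compiled binary, and the source tree, timestamps and listing orders are constructed for the demonstration.

```python
import hashlib
import io
import tarfile

# Constructed sample source tree (path -> contents); not from any real package.
SOURCE = {"src/main.c": b"int main(void) { return 0; }\n", "README": b"demo\n"}

def build(source, clock, listing_order, normalize):
    """Pack `source` into a tar archive (standing in for a compiled binary)
    and return its SHA-256. `clock` and `listing_order` model the builder's
    wall-clock time and directory-listing order."""
    names = sorted(source) if normalize else listing_order
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(source[name])
            info.mode = 0o644
            # Normalized builds pin the timestamp; naive builds leak the clock.
            info.mtime = 0 if normalize else clock
            tar.addfile(info, io.BytesIO(source[name]))
    return hashlib.sha256(buf.getvalue()).hexdigest()

def independent_builds(normalize):
    """Two hypothetical builders compile the same source on different machines."""
    first = build(SOURCE, 1_400_000_000, ["src/main.c", "README"], normalize)
    second = build(SOURCE, 1_500_000_000, ["README", "src/main.c"], normalize)
    return first, second

def tampered_build():
    """A build whose input was silently modified before compilation."""
    modified = dict(SOURCE)
    modified["src/main.c"] += b"/* extra code not in the published source */\n"
    return build(modified, 1_400_000_000, ["src/main.c", "README"], True)

if __name__ == "__main__":
    print("naive builds match:     ", len(set(independent_builds(False))) == 1)
    print("normalized builds match:", len(set(independent_builds(True))) == 1)
    print("tampered build detected:", tampered_build() != independent_builds(True)[0])
```

Without normalization the two honest builds disagree, so a hash mismatch proves nothing; only once the build is reproducible does a mismatch become evidence that the binary did not come from the published source.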
Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis of the NixOS Linux distribution, but it can be used equally well under other Unix systems.