MacOS is closed source centralized trust so it is not even trying to have accountability. If you add in Homebrew you -also- add trust in hundreds of unvetted internet randos pushing and merging unsigned commits without strict review requirements.

Silverblue and NixOS are not fully reproducible, and rely on blind maintainer trust to merge anything they want, then shifts to a centralized build/signing trust model for all packages (single points of failure)

Debian has inflated reproducibility stats as it allows bootstrapping packages from binary blobs exposing it to trusting trust attacks, and overall relies on a distributed trust model where different maintainers maintain and sign different packages (many points of failure)

Stagex, which is what ReprOS is built with, relies on a decentralized trust model with 100% full-source-bootstrapped, deterministic, multi-party-signed commits, with multi-party-signed builds, (no single computer or human is trusted).

The former options are highly complex desktop focused operating systems that are fast and loose with supply chain security in order to maximize contributions and package variety.

Stagex by contrast is -not- a desktop distribution and cranks supply chain security all the way up focusing primarily on those few packages needed for mission critical build, administrative, and server use cases.

ReprOS by extension you can build from hex0 all the way up to compilers and a final .iso bit for bit identical every time, so admins can form confidence they are running unmodified upstream source code without any chance of tampering by a compromised maintainer.

That is very cool and makes sense! I can see myself using this for sure. Put that in the README! :P

There is a comparison section in the stagex README: https://codeberg.org/stagex/stagex

Let us know if you can think of any ways we could communicate how we differ better!