lrvick 4 days ago
They absolutely did, and beat us to it. They were a fantastic reference, and we link to their blog posts in our readme. We even have a comparison with Guix there too.

https://codeberg.org/stagex/stagex/#comparison

Guix optimized for maximizing package and architecture variety quickly and focused on retrofitting supply chain security tactics as a secondary goal later where possible. For example it allows for untrusted packages with binary blobs in the supply chain in cases like Haskell, Ada, and Qemu. Their supply chain security efforts are on a package by package basis and not mandatory, and still assume that all maintainers are unable to be compromised.

Stagex by contrast is a supply-chain-security-first distro that can trust no single maintainer or computer by design. As such, Haskell and Ada are impossible to add support for right now as no bootstrap path exists for them. With Qemu we did the hard work of learning how to build all those binary blobs ourselves from source because we really needed it.

Guix has by far the best supply chain security of any workstation distro out there, but I would never ever use it in the supply chain of anything bound for high value production use where no single person should be trusted. Guix is also very difficult to use in container environments as it has no signed/reproducible OCI images so you would have to build all that yourself. That is what stagex was built for.