
Two words: "Use NixOS".



It's astonishing that he fails to even mention Nix (and various other distributions like Bedrock) in the section on existing solutions and his previous post on reproducible software and rollbacks. It's almost like he hasn't heard of it from inside the Red Hat bubble - or perhaps because it's not "Certified cgroup container systemd trending cloud Enterprise Linux (TM)", he isn't interested.

The way he presents this post is almost like he thinks he has discovered some problems nobody else has encountered before too. Nix solves the majority of the problems he mentions, and it still has plenty of room for improvement to fill the gaps where it doesn't. It should really send flags waving about the mentality behind this project and what their intentions really are. They probably want an "integrated solution" (read: tightly coupled to Red Hat components), so that they continue to be in the driving seat.

> We want our images to be trustable (i.e. signed).

Signing images does not make anything trustworthy at all - you still need to trust the signer. It's shocking to hear him mention the "post-Snowden" world, yet completely fail to recognize that one should absolutely consider Red Hat to be the potential malicious party in this - especially considering their dubious customer base and large contracts with US government bodies.

On the other hand, Nix, Guix and Debian are trying to create an actual solution to the trust problem - by developing a system where one can perform bit-identical reproductions from the same source code, such that several independent parties can build the same software and you can opt-in to trust a consensus of parties, rather than a single one (and if you don't trust that, you can rebuild packages yourself from source). This is how to create trust in the post-Snowden world - you decentralize it.

> We want ...

We want a lot of things; but Mr Poettering, you have not told us why you want to NIH solutions to every problem you identify, rather than developing upon the existing solutions to (mostly) the same problems. How about some justification as to why Nix should not be considered as the framework to build on, or why, say, Bedrock is inadequate for running packages from different distributions on the same OS? Must we really throw away 7 years of effort by the Nix community to support your next toy?
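The consensus-of-builders check described in the comment above, as an added example that is not part of the original thread and is not code from Nix, Guix or Debian. The builder names, the quorum policy and the sample data are constructed, and each report is assumed to have been authenticated (for example by a verified signature) before it reaches this function.

```python
import hashlib
from collections import defaultdict

def consensus_digest(reports, trusted, quorum):
    """Return the output digest that at least `quorum` distinct trusted
    builders reported, or None if no single digest qualifies.

    reports: iterable of (builder_id, sha256_hex) pairs, repeats allowed.
    """
    seen = defaultdict(set)                 # builder -> digests it claimed
    for builder, digest in reports:
        if builder in trusted:              # unknown builders carry no weight
            seen[builder].add(digest.lower())
    votes = defaultdict(set)                # digest -> builders vouching for it
    for builder, digests in seen.items():
        if len(digests) == 1:               # a builder claiming two digests is dropped
            votes[next(iter(digests))].add(builder)
    winners = [d for d, who in votes.items() if len(who) >= quorum]
    # Two digests reaching quorum means the build is not bit-identical across
    # builders; refuse instead of picking one.
    return winners[0] if len(winners) == 1 else None

def verify_artifact(data, reports, trusted, quorum):
    """Accept `data` only if its SHA-256 equals the quorum digest."""
    expected = consensus_digest(reports, trusted, quorum)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected

# Constructed sample data: two artifacts and the reports for one package.
GOOD = b"example-1.0 build output\n"
BAD = b"example-1.0 build output, modified\n"
GOOD_H = hashlib.sha256(GOOD).hexdigest()
BAD_H = hashlib.sha256(BAD).hexdigest()
TRUSTED = {"builder-a", "builder-b", "builder-c"}
REPORTS = [
    ("builder-a", GOOD_H), ("builder-b", GOOD_H), ("builder-c", BAD_H),
    ("unknown-1", BAD_H), ("unknown-2", BAD_H),   # not in TRUSTED, ignored
    ("builder-a", GOOD_H),                        # repeat, counted once
]

if __name__ == "__main__":
    print("good accepted:", verify_artifact(GOOD, REPORTS, TRUSTED, 2))
    print("bad accepted: ", verify_artifact(BAD, REPORTS, TRUSTED, 2))
```

The quorum only means something if the trusted builders are operated independently, which this check cannot establish on its own.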


How does this help me from a "Desktop app for tracking stars" or "Video game" application developer perspective, where I want to build once, publish once and non-technical users will be able to install simply on (Debian, Ubuntu, Fedora, CentOS, NixOS...) and not depend on distro packagers?

Like I can do for OSX or Windows?


Users would have to install NixOS (or GuixOs) as the base operating system; there is no getting around that.

But, after that, it seems to solve many of the versioning and dependency issues.


Not necessarily: Nix the package manager runs fine on other distros, as well as FreeBSD, OSX, Windows, SmartOS, ...

Nix doesn't need fancy filesystem shenanigans to do its job: build isolated packages with complete runtime dependencies.

NixOS is built on top of it to provide atomic system-wide upgrades and rollbacks.


Or perhaps OSTree https://wiki.gnome.org/action/show/Projects/OSTree "git for operating system binaries"

I think there's a bit of both. There's obviously a lot of common thought regarding requirements and a bit of overlap in solutions.

(aside: I really don't get how these discussions get people so animated.)



