On 11/2/11 12:31 AM, Marc Weber wrote: > Excerpts from Shea Levy's message of Wed Nov 02 05:13:20 +0100 2011: >> 2. Different levels of trust: Other than the general goodwill of mankind >> (which I probably believe in more than most) and the lack of complaint >> from others, I have little assurance that hydra actually builds what it >> claims. > a) which assurance would you accept (would be good enough)? Should Eelco > Dolstra and tu delft sign same papers? :) > b) is it enough? I mean does gcc what it claims to do, does the hardware > what it claims to do?
Right, different people have different thresholds for what they will trust, and why. I just think allowing people to be more paranoid is a good thing whenever possible. For my part, I trust that hydra builds what it says, but I don't know how often, if ever, they verify the store there and what they do if it fails, so if I have a local build I will prefer it over a hydra build. > > tarballs should be protected by hash - and if you misstrust hashes you > should talk about requesting a stronger solution :) > > Marc Weber _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
