Topic: Different sources of packages

Currently Nix uses a mirror which is furnished by Hydra to deliver packages. Hydra and its mirror have been a central point of failure. Other distributions are providing multiple mirrors to answer this solution. Nix is capable of using different sources, but the current model is too centralized. Hydra solves 2 issues: the security aspect (can I trust the way you are compiling packages?) and the transport aspect (can you transfer me this package?). This makes Hydra a central point of failure for security and for reliability.

We should change that by adding 2 things: add GPG-based authenticity of Nar signatures; add Torrent-based transport for nar files. Note that the 2 things are independent from each other. This would be useful for distributing the charge of trust (Nar signature) to the authors of the packages, while getting a package from the user of the package (Nar file).

On Sat, Aug 16, 2014 at 7:28 AM, Florian Friesdorf <[email protected]> wrote:
> Hi,
>
> in preparation for the sprint, please add your topics to the titanpad:
>
> https://titanpad.com/7yn7iBQ6n2
>
> For discussion it might be nice to have one reply per topic to this
> email.
>
> see you soon
> florian
> --
> Florian Friesdorf <[email protected]>
> GPG FPR: 7A13 5EEE 1421 9FC2 108D BAAF 38F8 99A3 0C45 F083
> Jabber/XMPP: [email protected]
> IRC: chaoflow on freenode,ircnet,blafasel,OFTC
>
> _______________________________________________
> nix-dev mailing list
> [email protected]
> http://lists.science.uu.nl/mailman/listinfo/nix-dev

--
Nicolas Pierron
http://www.linkedin.com/in/nicolasbpierron - http://nbp.name/
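
The separation proposed in this message (trust comes from the author's signature over the NAR, while the bytes may come from anyone), as an added example that is not part of the original e-mail or of Nix. Assumptions: Ed25519 from the Go standard library stands in for GPG, a list of in-memory peers stands in for torrent transport, and `Peer`, `SignNar` and `FetchVerified` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Peer is a hypothetical untrusted source of NAR bytes (mirror, torrent peer, ...).
type Peer struct {
	Name string
	Data []byte
}

// SignNar is the author's side: sign the SHA-256 of the NAR contents.
// Ed25519 is a stand-in here for the GPG signature the message proposes.
func SignNar(priv ed25519.PrivateKey, nar []byte) []byte {
	sum := sha256.Sum256(nar)
	return ed25519.Sign(priv, sum[:])
}

// FetchVerified tries each peer in turn and returns the first copy whose hash
// verifies under a key the user trusts. The peer itself is never trusted, so a
// tampering or broken peer only costs a retry.
func FetchVerified(peers []Peer, sig []byte, trusted []ed25519.PublicKey) (string, []byte, error) {
	for _, p := range peers {
		sum := sha256.Sum256(p.Data)
		for _, pub := range trusted {
			if ed25519.Verify(pub, sum[:], sig) {
				return p.Name, p.Data, nil
			}
		}
	}
	return "", nil, errors.New("no peer served a NAR matching a trusted signature")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed author key pair
	nar := []byte("constructed sample NAR contents")
	sig := SignNar(priv, nar)
	peers := []Peer{
		{Name: "peer-a", Data: []byte("tampered contents")}, // rejected
		{Name: "peer-b", Data: nar},                         // accepted
	}
	name, _, err := FetchVerified(peers, sig, []ed25519.PublicKey{pub})
	fmt.Println(name, err)
}
```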
