That would be great if we had deterministic build outputs, but we currently have no easy way of determining whether a binary cache is corrupt or whether a build was nondeterministic.
On Thu, Dec 24, 2015 at 10:30 PM, Tim Barbour <[email protected]> wrote: > On Thu, 24 Dec 2015 21:21:03 +0000, > Anders Papitto wrote: > > I've seen several conversations centered on how to enable private > individuals and/or companies to contribute to > > publicly available binary caches, without requiring end users to > explicitly trust those private entities. The main > > problem, for which I'm not aware of a complete solution, is that there > is no way to verify a build output provided > > by such a private entity is actually the result of an honest build. > > [...] > > I have thought this way too, but perhaps it is wrong way around. > > Perhaps it would be better to encourage private entities to provide binary > caches, regardless of their integrity, then check hashes between the > caches. > Given a sufficient number of caches, any compromised cache should be > quickly > detected by discrepancies in hashes (comparisons could be done by end > users, > among others). > > This reminds me of how a PGP-style web of trust is better than trusting a > central certificate authority to guarantee integrity. > > Tim > _______________________________________________ > nix-dev mailing list > [email protected] > http://lists.science.uu.nl/mailman/listinfo/nix-dev >
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
