On Sat, 26 Dec 2015 09:07:38 +0000, Wout Mertens wrote: > If web-of-trust is the best solution, and the only blocker is build > reproducability, how about trying to classify > build differences? > > Each of the differences will have a reason, and either we can fix the build > to be deterministic (e.g. timestamps, > build paths), or we can classify a class of changes as equivalent (e.g. > optimalizations resulting in equivalent > code, prelinking). > [...]
Your suggestion sounds a bit like homotopy, which type theorists are now using to resolve their long-standing difficulties with intensional vs extensional equality; perhaps there is a connection between these difficulties and the fact that Nixos is not yet using the intensional Nix store model. How would one verify that the builds are equivalent, and that the difference is not due to a malicious modification ? Tim _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
