guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] Guix + GNUnet at GSoC?


From: Christian Grothoff
Subject: Re: [GNUnet-developers] Guix + GNUnet at GSoC?
Date: Thu, 05 Mar 2015 14:48:49 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.4.0

Hi Ludo,

Yes, I think we should. MESH (now CADET) is much further along and the
API is stable.  I also don't see any other significant roadblocks.

Nevertheless, I agree that we should have some more design discussions,
as I can still imagine many ways how one _might_ do this -- and in any
case we need to come up with a reasonable feature list.  In fact, maybe
that's the best starting point: what are all the things you would like
"binary package distribution" to do?  I don't think we ever tried to
write a comprehensive feature list. I have in mind:

1) Transfer of source code (with signatures / integrity checking /
   build rules)
2) Transfer of binary packages (with signatures / integrity checking),
   which also requires
   - specification of platforms (what is binary-compatible)
   - specification of platform-independent resources
     ("noarch"/"all"/"data")
3) Incremental updates
   - to source (i.e. "diff")
   - to binaries (funky binary-diff)
4) Notification about available updates to sources (to individual
   packages or full distribution by distribution authority), or
   signed messages asserting no updates are available (also important
   to avoid adversary preventing upgrade)
5) Notification about available updates to binaries (including
   signatures of binary package builders arriving at the same
   (or different!?) deterministic build hash)
6) A trust graph / metric / WoT-like construction to determine
   how many (and which) binary package builders are needed before
   we trust third-party binaries (instead of building ourselves
   from source)
7) Automatically offering packages the local system has build to
   others (or not)
8) Delegation of build authority (i.e. Ludo (= Guix root), might
   delegate source code packaging for GnuPG to
   Werner (= GnuPG maintainer)); this creates questions of how
   to handle/specify/allow/prohibit transitive delegations
   (subpackages (KDE, Kedit), related packages (GnuPG/Enigmail)

Anyway, those are the main fun things that come to my mind, but I might
forget some ;-).

-Christian


On 03/04/2015 10:12 PM, Ludovic Courtès wrote:
> Hello GNUnetters!
> 
> Last year we submitted that project idea entitled “Supporting binary
> package distribution through GNUnet”:
> 
>   http://www.gnu.org/software/soc-projects/ideas-2014.html#guix
> 
> It’s GSoC time again, so I was pondering whether we should put it on
> display again.
> 
> I actually wonder if this is a good time: there hasn’t been a release in
> a while, and my (limited) understanding is that the relevant GNUnet
> components may not have fully settled yet (IIRC the “MESH” layer had
> landed just about the same time last year.)  If we were to propose this
> idea, we would need to make sure the rough design we have in mind, and
> the APIs that would be used, would still be valid and stable enough when
> the student starts working on it.
> 
> WDYT?
> 
> Thanks,
> Ludo’.
> 
> _______________________________________________
> GNUnet-developers mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/gnunet-developers
> 

Attachment: 0xE29FC3CC.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]