[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GSoC] Supporting binary package distribution through GNUnet
From: |
Ludovic Courtès |
Subject: |
Re: [GSoC] Supporting binary package distribution through GNUnet |
Date: |
Wed, 25 Mar 2015 21:56:17 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux) |
Hi!
Rémi Birot-Delrue <address@hidden> skribis:
> Ideally, would anyone be allowed to provide substitutes? Or would there
> be a set of “trusted substitute maintainers” (possibly one maintainer by
> package)? Maybe a mix. Maybe “answering this question” is part of the
> project?
IMO the basic trust model wouldn’t be much different from what we have
today (see
<https://www.gnu.org/software/guix/manual/guix.html#Substitutes>.)
That is, users would explicitly authorize certain providers by adding
their public key to their access control list (ACL.)
Now, many/most package builds are reproducible and should be
bit-identical. So in practice, most of the time, a given build will be
actually be signed by several providers.
> Another point is: how would Guix handle these different sources? Should
> it propose the end-user a choice, or include a way to automatically
> choose in most cases?
To begin with, the ACL is enough.
> The prospect of having a (semi-)decentralised and Lisp-based
> package-manager is really appealing.
Glad you like it. :-)
If you haven’t already, please have a look at the discussion with
Christian Grothoff on this list a few weeks ago for additional
thoughts.
I would also recommend that you get in touch with gnunet-developers or
#gnunet so they can tell you which GNUnet APIs to look at and provide
additional insight. It would be nice if you could start playing with
GNUnet and Guix to become more familiar with them.
Also note that the deadline for student proposals is this Friday, so
make sure to post yours on Melange when you’re ready.
Thanks,
Ludo’.