[Nix-dev] Sprint topics
Nicolas Pierron
nicolas.b.pierron at gmail.com
Sat Aug 16 16:05:40 CEST 2014
Topic: Different sources of packages
Currently Nix use a mirror which is furnished by Hydra to deliver
packages. Hydra and its mirror have been a central point of failure.
Other distribution are providing multiple mirrors to answer this
solution. Nix is capable of using different sources, but the current
model is too centralized. Hydra solves 2 issues, the security aspect
(Can I trust the way you are compiling packages), and the transport
aspect (Can you transfer me this package). This makes Hydra a central
point of failure for security and for reliability.
We should change that by adding 2 things; add GPG based authenticity
of Nar signatures; add Torrent based transport for nar files. Note
that the 2 things are independent from each others.
This would be useful for distributing the charge of trust (Nar
signature) to the authors of the packages, while getting a package
from the user of the package (Nar file).
On Sat, Aug 16, 2014 at 7:28 AM, Florian Friesdorf <flo at chaoflow.net> wrote:
>
> Hi,
>
> in preparation for the sprint, please add your topics to the titanpad:
>
> https://titanpad.com/7yn7iBQ6n2
>
> For discussion it might be nice to have one reply per topic to this
> email.
>
> see you soon
> florian
> --
> Florian Friesdorf <flo at chaoflow.net>
> GPG FPR: 7A13 5EEE 1421 9FC2 108D BAAF 38F8 99A3 0C45 F083
> Jabber/XMPP: flo at chaoflow.net
> IRC: chaoflow on freenode,ircnet,blafasel,OFTC
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
--
Nicolas Pierron
http://www.linkedin.com/in/nicolasbpierron - http://nbp.name/
More information about the nix-dev
mailing list