[Nix-dev] Sidestepping the community builds trust issue?

Anders Papitto anderspapitto at gmail.com
Thu Dec 24 22:21:03 CET 2015


I've seen several conversations centered on how to enable private
individuals and/or companies to contribute to publicly available binary
caches, without requiring end users to explicitly trust those private
entities. The main problem, for which I'm not aware of a complete solution,
is that there is no way to verify a build output provided by such a private
entity is actually the result of an honest build.

With support in Hydra for independently scheduling subsets of worker
machines, it seems possible to sidestep this issue by using a different
contribution model. Instead of saying

"I have one machine which I control and use to build Nix expressions, which
I would then like to contribute to a public binary cache"

which encounters the trust issue, I could instead say

"I have one machine. I will provide this machine to the Nix foundation for
use as a build slave, and it will be under their full control. In exchange,
I will receive a guarantee that my build requests will be given the
absolute highest priority on this machine."

Then, end users can continue to trust only cache.nixos.org, while private
entities can both contribute to the public cache, and have infrastructure
which prioritizes their own needs.

Has there already been work and/or discussion in this direction? Are there
fundamental obstacles which I am missing?

- Anders Papitto