[Nix-dev] Sidestepping the community builds trust issue?

Wout Mertens wout.mertens at gmail.com
Sat Dec 26 10:07:38 CET 2015


If web-of-trust is the best solution, and the only blocker is build
reproducability, how about trying to classify build differences?

Each of the differences will have a reason, and either we can fix the build
to be deterministic (e.g. timestamps, build paths), or we can classify a
class of changes as equivalent (e.g. optimalizations resulting in
equivalent code, prelinking).

It could very well be that we cannot automatically determine if a set of
builds is equivalent, and then the build will simply have to be done
locally instead of downloaded.

On Fri, Dec 25, 2015, 9:48 PM Tim Barbour <trb at categorical.net> wrote:

> I agree there is no conflict between your proposal and my suggestion.
> The reason I mentioned it is that I do not like the idea of relying on
> a single trusted party for security (to whic your proposal makes no
> difference, because the trusted party will control all build
> machines). If someone (use your imagination) wanted to be able to gain
> access to any nixos machine, they would be tempted to compromise the
> centrally controlled builds.
>
> Therefore I think we should encourage people to run build systems,
> whether centrally controlled or not.
>
> Tim
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-- 

Wout.
(typed on mobile, excuse terseness)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20151226/a4fc5e19/attachment.html 


More information about the nix-dev mailing list