[Nix-dev] Funding Hydra Development
James Cook
james.cook at utoronto.ca
Thu Jan 22 03:41:13 CET 2015
Ah, if the set of trusted people is a relatively small group of people
someone like Eelco has met in person, then I'm much happier. When I
first saw the suggestion, I was imagining some sort of seti at home kind
of thing.
Thanks,
James
On 21 January 2015 at 18:30, stewart mackenzie <setori88 at gmail.com> wrote:
> I also refer to the use of Content Centric Networking (CCN) or Named
> Data Networking (NDN) to disseminate binaries.
> Please note, CCN builds security into the TCP/IP overlay protocol.
>
> So a binary is automatically signed by a "trusted" NixOS maintainer
> whom is also running a private hydra node.
>
> Typically in these types of situations when a web of trust is formed,
> one attends meetings
> bringing along some kind of official identification.
> One shows the identification to other nixers and then hands over the public key.
> The list of trusted keys is then signed by a globally trusted member -
> eelco comes to mind.
> This key list can be disseminated via CCN to all other hydra nodes and
> Nix/NixOS nodes.
>
> When a Nix node wants a package it asks its CCN library.
> If the binary (which has been signed by a trusted maintainer) is not
> in the CCN's local Least Recently Used buffer,
> it floods the request to other Nix/NixOS + Hydra nodes. That binary is
> then copied leaving a breadcrumb trail
> through the graph. Any future close proximity requests for that
> package will then find it quicker somewhere
> an the breadcrumb trail.
>
> I believe this article gets to the root of my argument regarding
> living on master:
> homing-on-code.blogspot.hk/2015/01/code-rot-openbsd.html (read the
> "OpenBSD" section)
>
> Kind regards
> Stewart
>
> On Thu, Jan 22, 2015 at 9:51 AM, James Cook <james.cook at utoronto.ca> wrote:
>> On 21 January 2015 at 17:25, stewart mackenzie <setori88 at gmail.com> wrote:
>>> James you execute code that wasn't written on your machine all the
>>> time. What difference is there between not tursting the code writer vs
>>> code compiler?
>>>
>>> Use a web of trust certificate system of course.
>>>
>>> Anyway if we could find away to live on master I think we'll get more momentum.
>>
>> (Did you mean to reply-all? Feel free to include my response too if you did.)
>>
>> Using a web of trust or something like that partly mitigates the
>> problem. I am still worried, though.
>>
>> Code committed to open source projects can be reviewed later. If
>> someone submits a malicious binary, how will anyone ever know? So my
>> bar for trusting binaries is much higher than my bar for trusting
>> source from a popular open source project.
>>
>> I agree that it would be nice to live on master. I agree with
>> Alexander that it would be nice to have a ballpark figure for what is
>> needed. Maybe this can just be solved with donations of money.
>>
>> James
More information about the nix-dev
mailing list