[Nix-dev] Sidestepping the community builds trust issue?

Tim Barbour trb at categorical.net
Mon Jan 4 01:01:20 CET 2016


On Sat, 26 Dec 2015 09:07:38 +0000,
Wout Mertens wrote:
> If web-of-trust is the best solution, and the only blocker is build reproducability, how about trying to classify
> build differences?
> 
> Each of the differences will have a reason, and either we can fix the build to be deterministic (e.g. timestamps,
> build paths), or we can classify a class of changes as equivalent (e.g. optimalizations resulting in equivalent
> code, prelinking).
> [...]

Your suggestion sounds a bit like homotopy, which type theorists are now using
to resolve their long-standing difficulties with intensional vs extensional
equality; perhaps there is a connection between these difficulties and the
fact that Nixos is not yet using the intensional Nix store model.

How would one verify that the builds are equivalent, and that the difference
is not due to a malicious modification ?

Tim


More information about the nix-dev mailing list