Re: Sustainable funding and maintenance for our infrastructure

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sustainable funding and maintenance for our infrastructure

From:	Jonathan Frederickson
Subject:	Re: Sustainable funding and maintenance for our infrastructure
Date:	Tue, 13 Aug 2024 19:38:41 -0400

On Tue, Aug 13, 2024, at 12:23 PM, Sergio Pastor Pérez wrote:
> Wouldn't it be enough to have a few independent seeders that have the
> same derivation output? We could have a field in the p2p service type
> which allows the user to configure a "level of trust", where the user
> specifies the minimum number of seeders with the same output for the
> daemon to accept the substitute.

This might be enough if you could do it, but the trouble is identifying 
"independent" seeders. If you get the same output from five different seeders, 
that could be five different people... or I could have set up five different 
nodes participating in the swarm serving my malicious substitutes. (This is 
known as a Sibyl attack.)

But maybe taking inspiration from this... perhaps you could do something more 
akin to some of the web-of-trust features of e.g. PGP. In other words, you 
might have the ability to partially trust a server's substitutes such that 
you'll only use a substitute if N other partially trusted servers (or at least 
one fully trusted server) serve up the same content. This would still not let 
you have a totally permissionless set of P2P substitutes, but it would allow 
the community to build a list of individuals who are at least trusted not to 
collude with one another, if not fully trusted.

Though there's a detail that might need addressing for this to work... you 
would want this to be an indication that multiple individuals were able to 
reproducibly build the same packages bit-for-bit. But my impression is that 
substitutes served by 'guix publish' are always signed with the substitute 
server's signing key, regardless of where they were built. That does mean that 
if 4 people were to pull substitutes of a package from one other person, those 
5 people would end up serving substitutes originating from one person. You may 
want a way for someone running a substitute server to additionally attest that 
they had individually built the derivation in question.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Sustainable funding and maintenance for our infrastructure, Marek Paśnikowski, 2024/08/05
- Re: Sustainable funding and maintenance for our infrastructure, Jonathan Frederickson, 2024/08/12
  - Re: Sustainable funding and maintenance for our infrastructure, Sergio Pastor Pérez, 2024/08/13
    - Re: Sustainable funding and maintenance for our infrastructure, Jonathan Frederickson <=
    - Re: Sustainable funding and maintenance for our infrastructure, Felix Lechner, 2024/08/14
    - Re: Sustainable funding and maintenance for our infrastructure, Jonathan Frederickson, 2024/08/24
    - P2P Guix package building and distribution, Christine Lemmer-Webber, 2024/08/21
    - Re: P2P Guix package building and distribution, Andreas Enge, 2024/08/22
    - Re: P2P Guix package building and distribution, Samuel Christie, 2024/08/22

Prev by Date: Re: I'm a new contributor and would like advice
Next by Date: Re: Sustainable funding and maintenance for our infrastructure
Previous by thread: Re: Sustainable funding and maintenance for our infrastructure
Next by thread: Re: Sustainable funding and maintenance for our infrastructure
Index(es):
- Date
- Thread