From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Using GNUnet for binary package distribution
Date: Thu, 21 Mar 2013 14:02:49 +0100
Message-ID: <87620kykg6.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha1; protocol="application/pgp-signature"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([208.118.235.92]:41113)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1UIf9A-0003eP-GH
	for bug-guix@gnu.org; Thu, 21 Mar 2013 09:03:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1UIf95-00018C-TH
	for bug-guix@gnu.org; Thu, 21 Mar 2013 09:03:08 -0400
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
To: gnunet-developers@gnu.org
Cc: bug-guix@gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello GNUnet!

GNU Guix provides a transparent binary/source deployment model.  A
server can claim: =E2=80=9Chey, I have the binary for
/nix/store/v9zic07iar8w90zcy398r745w78a7lqs-emacs-24.2!=E2=80=9D, where the
base32 string uniquely identifies a build process.  If you trust that
server to provide genuine binaries, then you can grab them instead of
building Emacs locally.

The =E2=80=9Ctraditional model=E2=80=9D has been to have a build farm build=
 and serve
binary packages.  In that model, users trust the build farm to provide
authentic binaries.

I=E2=80=99m interested in providing a /practical/ decentralized distribution
model.  It seems to me that GNUnet=E2=80=99s DHT would be the most appropri=
ate
(as opposed to AFS).  WDYT?

One of the problems to be solved is authentication: users would have to
specify a list of GNUnet pseudonyms of trusted binary providers, or
something like that.  Managing this list would have to be as easy as
possible, to allow the system to scale.

Another issue is privacy: we want to give users an incentive to share
their binaries, but at the same time, they should have control over what
gets shared (for instance, Christian may want to hide the fact that he=E2=
=80=99s
installed Python and not Guile ;-)).

What do you think of the idea?  Would the DHT retain files long enough
for this to be practical?

I=E2=80=99m considering submitting this as a GSoC project (under the GNU
umbrella).

Thanks!

Ludo=E2=80=99.

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlFLBPwACgkQd92V4upS7PQizwCfVXlHNR1F2GDOYGzGhDbIY2yi
qkYAoJdkN0BxTB4nCUe9A/fNeej1edX5
=92Wz
-----END PGP SIGNATURE-----
--=-=-=--