* [GSoC] Supporting binary package distribution through GNUnet
@ 2015-03-24 19:08 Rémi Birot-Delrue
2015-03-25 20:56 ` Ludovic Courtès
0 siblings, 1 reply; 2+ messages in thread
From: Rémi Birot-Delrue @ 2015-03-24 19:08 UTC (permalink / raw)
To: Guix-devel
Hello!
These days I’m looking at this idea, and as I though about it more and
more questions rose, concerning both what you expect of this project and
how to put it up.
As I understand it, the idea would be to allow users to use substitutes
provided through GnuNet, therefore in a decentralized fashion.
Ideally, would anyone be allowed to provide substitutes? Or would there
be a set of “trusted substitute maintainers” (possibly one maintainer by
package)? Maybe a mix. Maybe “answering this question” is part of the
project?
Another point is: how would Guix handle these different sources? Should
it propose the end-user a choice, or include a way to automatically
choose in most cases?
The prospect of having a (semi-)decentralised and Lisp-based
package-manager is really appealing.
Sincerely,
--
Rémi Birot-Delrue
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [GSoC] Supporting binary package distribution through GNUnet
2015-03-24 19:08 [GSoC] Supporting binary package distribution through GNUnet Rémi Birot-Delrue
@ 2015-03-25 20:56 ` Ludovic Courtès
0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2015-03-25 20:56 UTC (permalink / raw)
To: Rémi Birot-Delrue; +Cc: Guix-devel
Hi!
Rémi Birot-Delrue <asgeir@free.fr> skribis:
> Ideally, would anyone be allowed to provide substitutes? Or would there
> be a set of “trusted substitute maintainers” (possibly one maintainer by
> package)? Maybe a mix. Maybe “answering this question” is part of the
> project?
IMO the basic trust model wouldn’t be much different from what we have
today (see
<https://www.gnu.org/software/guix/manual/guix.html#Substitutes>.)
That is, users would explicitly authorize certain providers by adding
their public key to their access control list (ACL.)
Now, many/most package builds are reproducible and should be
bit-identical. So in practice, most of the time, a given build will be
actually be signed by several providers.
> Another point is: how would Guix handle these different sources? Should
> it propose the end-user a choice, or include a way to automatically
> choose in most cases?
To begin with, the ACL is enough.
> The prospect of having a (semi-)decentralised and Lisp-based
> package-manager is really appealing.
Glad you like it. :-)
If you haven’t already, please have a look at the discussion with
Christian Grothoff on this list a few weeks ago for additional
thoughts.
I would also recommend that you get in touch with gnunet-developers or
#gnunet so they can tell you which GNUnet APIs to look at and provide
additional insight. It would be nice if you could start playing with
GNUnet and Guix to become more familiar with them.
Also note that the deadline for student proposals is this Friday, so
make sure to post yours on Melange when you’re ready.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-03-25 20:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-24 19:08 [GSoC] Supporting binary package distribution through GNUnet Rémi Birot-Delrue
2015-03-25 20:56 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).