Hello GNUnet!

GNU Guix provides a transparent binary/source deployment model.  A
server can claim: “hey, I have the binary for
/nix/store/v9zic07iar8w90zcy398r745w78a7lqs-emacs-24.2!”, where the
base32 string uniquely identifies a build process.  If you trust that
server to provide genuine binaries, then you can grab them instead of
building Emacs locally.

The “traditional model” has been to have a build farm build and serve
binary packages.  In that model, users trust the build farm to provide
authentic binaries.

I’m interested in providing a /practical/ decentralized distribution
model.  It seems to me that GNUnet’s DHT would be the most appropriate
(as opposed to AFS).  WDYT?

One of the problems to be solved is authentication: users would have to
specify a list of GNUnet pseudonyms of trusted binary providers, or
something like that.  Managing this list would have to be as easy as
possible, to allow the system to scale.

Another issue is privacy: we want to give users an incentive to share
their binaries, but at the same time, they should have control over what
gets shared (for instance, Christian may want to hide the fact that he’s
installed Python and not Guile ;-)).

What do you think of the idea?  Would the DHT retain files long enough
for this to be practical?

I’m considering submitting this as a GSoC project (under the GNU
umbrella).

Thanks!

Ludo’.