Date: Tue, 13 Aug 2024 19:38:41 -0400
From: "Jonathan Frederickson"
To: Sergio Pastor Pérez, Marek Paśnikowski, Ludovic Courtès
Cc: guix-devel@gnu.org, guix-sysadmin
Subject: Re: Sustainable funding and maintenance for our infrastructure

On Tue, Aug 13, 2024, at 12:23 PM, Sergio Pastor Pérez wrote:
> Wouldn't it be enough to have a few independent seeders that have the
> same derivation output? We could have a field in the p2p service type
> which allows the user to configure a "level of trust", where the user
> specifies the minimum number of seeders with the same output for the
> daemon to accept the substitute.

This might be enough if you could do it, but the trouble is identifying "independent" seeders. If you get the same output from five different seeders, that could be five different people... or I could have set up five different nodes participating in the swarm serving my malicious substitutes. (This is known as a Sybil attack.)

But maybe taking inspiration from this... perhaps you could do something more akin to some of the web-of-trust features of e.g. PGP. In other words, you might have the ability to partially trust a server's substitutes such that you'll only use a substitute if N other partially trusted servers (or at least one fully trusted server) serve up the same content. This would still not let you have a totally permissionless set of P2P substitutes, but it would allow the community to build a list of individuals who are at least trusted not to collude with one another, if not fully trusted.

Though there's a detail that might need addressing for this to work... you would want this to be an indication that multiple individuals were able to reproducibly build the same packages bit-for-bit. But my impression is that substitutes served by 'guix publish' are always signed with the substitute server's signing key, regardless of where they were built. That does mean that if 4 people were to pull substitutes of a package from one other person, those 5 people would end up serving substitutes originating from one person. You may want a way for someone running a substitute server to additionally attest that they had individually built the derivation in question.
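
A sketch of the acceptance policy discussed in the message above, as an added example that is not part of the original message and not Guix code. The trust levels, the `built_here` attestation flag, the server names and the hashes are all assumptions made up for illustration, and `threshold` is taken to mean the number of partially trusted servers that must agree.

```python
from collections import defaultdict
from dataclasses import dataclass

FULL, PARTIAL = "full", "partial"  # hypothetical trust levels

@dataclass(frozen=True)
class Offer:
    server: str       # identity of the server's signing key (constructed names)
    nar_hash: str     # hash of the content offered for one store item
    built_here: bool  # hypothetical attestation: "I built this myself"

def choose_substitute(offers, trust, threshold, require_built=True):
    """Return the content hash to accept, or None if the policy is not met."""
    partial_votes = defaultdict(set)  # hash -> partially trusted servers
    full_votes = set()                # hashes vouched for by fully trusted servers
    for o in offers:
        level = trust.get(o.server)
        if level is None:
            continue  # unknown key: swarm headcount proves nothing (Sybil)
        if require_built and not o.built_here:
            continue  # relayed copy: adds no independent build
        if level == FULL:
            full_votes.add(o.nar_hash)
        else:
            partial_votes[o.nar_hash].add(o.server)
    if full_votes:
        # One fully trusted server is enough; disagreement among them is fatal.
        return next(iter(full_votes)) if len(full_votes) == 1 else None
    agreed = [h for h, s in partial_votes.items() if len(s) >= threshold]
    return agreed[0] if len(agreed) == 1 else None

# Constructed sample data: alice, bob and carol are partially trusted.
TRUST = {"alice": PARTIAL, "bob": PARTIAL, "carol": PARTIAL, "ci": FULL}
SYBILS = [Offer(f"node{i}", "hash-B", True) for i in range(5)]
HONEST = [Offer("alice", "hash-A", True), Offer("bob", "hash-A", True)]
# bob and carol only re-serve what alice built.
RELAYED = [Offer("alice", "hash-A", True),
           Offer("bob", "hash-A", False),
           Offer("carol", "hash-A", False)]

if __name__ == "__main__":
    print(choose_substitute(SYBILS + HONEST, TRUST, 2))
    print(choose_substitute(RELAYED, TRUST, 2))
    print(choose_substitute(RELAYED, TRUST, 2, require_built=False))
```

With `require_built=False` the relayed case passes the threshold even though only one person built the package, which is the gap the last paragraph of the message points out.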