[Nix-dev] Funding Hydra Development

stewart mackenzie setori88 at gmail.com
Thu Jan 22 03:30:40 CET 2015 

I also refer to the use of Content Centric Networking (CCN) or Named
Data Networking (NDN) to disseminate binaries.
Please note, CCN builds security into the TCP/IP overlay protocol.

So a binary is automatically signed by a "trusted" NixOS maintainer
whom is also running a private hydra node.

Typically in these types of situations when a web of trust is formed,
one attends meetings
bringing along some kind of official identification.
One shows the identification to other nixers and then hands over the public key.
The list of trusted keys is then signed by a globally trusted member -
eelco comes to mind.
This key list can be disseminated via CCN to all other hydra nodes and
Nix/NixOS nodes.

When a Nix node wants a package it asks its CCN library.
If the binary (which has been signed by a trusted maintainer) is not
in the CCN's local Least Recently Used buffer,
it floods the request to other Nix/NixOS + Hydra nodes. That binary is
then copied leaving a breadcrumb trail
through the graph. Any future close proximity requests for that
package will then find it quicker somewhere
an the breadcrumb trail.

I believe this article gets to the root of my argument regarding
living on master:
homing-on-code.blogspot.hk/2015/01/code-rot-openbsd.html (read the
"OpenBSD" section)

Kind regards
Stewart

On Thu, Jan 22, 2015 at 9:51 AM, James Cook <james.cook at utoronto.ca> wrote:
> On 21 January 2015 at 17:25, stewart mackenzie <setori88 at gmail.com> wrote:
>> James you execute code that wasn't written on your machine all the
>> time. What difference is there between not tursting the code writer vs
>> code compiler?
>>
>> Use a web of trust certificate system of course.
>>
>> Anyway if we could find away to live on master I think we'll get more momentum.
>
> (Did you mean to reply-all? Feel free to include my response too if you did.)
>
> Using a web of trust or something like that partly mitigates the
> problem. I am still worried, though.
>
> Code committed to open source projects can be reviewed later. If
> someone submits a malicious binary, how will anyone ever know? So my
> bar for trusting binaries is much higher than my bar for trusting
> source from a popular open source project.
>
> I agree that it would be nice to live on master. I agree with
> Alexander that it would be nice to have a ballpark figure for what is
> needed. Maybe this can just be solved with donations of money.
>
> James

More information about the nix-dev mailing list