<gchristensen>
what if ofborg's build results were uploaded to a binary cache with the following mechanism:
<gchristensen>
NARs (content-addressed) uploaded to cache/nars/....nar
<gchristensen>
narinfo files uploaded to cache/unstrusted/PR-40000/....narinfo
<gchristensen>
then these can be "trust"ed by moving them to cache/trusted/....narinfo, and signed
<gchristensen>
as part of this, builds would be run inside of VMs which would be disposed of after each build
<gchristensen>
now we can think auto-builds + a useful cache + nice things we rerally want, like building the manual on every PR
<gchristensen>
of course this continues to be hard for Darwin
<LnL>
yeah :/
<LnL>
is this to share caches across builds or other usecases?
<gchristensen>
that, and for testing
<gchristensen>
so you could fetch results and try them out
<LnL>
if builders aren't trusted that probably only makes sense on linux with nix run --store 'local?root=/tmp/foo'
<gchristensen>
yeah
<gchristensen>
makes sense
<LnL>
the alternative would be to introduce a cache for each builder and trust a subset of those
<gchristensen>
ooh!
<LnL>
btw, your idea of separating nar files and the signed narinfo files is basically what cachix does
<gchristensen>
nice!
<LnL>
every cache created by a user is a new narinfo namespace that potentially uses a different signing key, but the actual content is a shared pool (probably content addressed)
<gchristensen>
that is very cool (yeah, NARs are content-addressed)