<globin>
gchristensen: I think the "disk" of the image
<gchristensen>
yeah
<gchristensen>
but iirc it is a problem if the image grows much more
drakonis has joined #nixos-dev
<srhb>
Ugh, again?
<srhb>
Didn't we juts grow that to 40?
<gchristensen>
the minimal ISO also jumped by like 60 paths recently
<srhb>
But now it looks like it's 20MiB again
<srhb>
globin: When was that log from?
<srhb>
globin: Ah, we increased it to 30, and it looks like it's fine now.
<gchristensen>
it strikes me that if someone wants a check on the binary cache against maliciousness, r13y.com isn't an effective one for as long as I am part of the build farm maintenance team
<tilpner>
Right, and that still applies with the distributed r13y plan, if you run the coordinating node
<gchristensen>
:)
<arianvp>
Maybe Blockchain can help here
* arianvp
I am trolling by the way. Ignore me
<tilpner>
Thanks for clarifying
<gchristensen>
solving this isn't a very important goal to me, since I trust me, but I wouldn't mind if someone else found that to be an important goal and wanted to contribute work to eliminate that
<tilpner>
gchristensen: What if every building node made their results publicly available? So I could host a controlling node that doesn't depend on any of your machines?
<tilpner>
They could still push to your s3 bucket
<tilpner>
But they would also keep the hashes forever
<tilpner>
My controlling node would not be able to tell how they differ, only that they differ from the cache
<globin>
srhb: where?
<gchristensen>
tilpner: oh I just remembered I did try to address this very problem
<srhb>
globin: Or am I missing something and you're talking about a different failure?
<gchristensen>
tilpner: because then you don't need to trust even the controller node. I think also I'm going to ditch the BuildUploadTokens, and not let people upload to my S3 bucket -- instead let them write to IPFS or whatever, and then I can fetch it from there. more "open" and I don't need to send out write tokens
<tilpner>
gchristensen: I don't yet get what you mean. Which messages would be signed here, and how does that help me (who doesn't trust evil graham) get the verifiers results?
<gchristensen>
Signed<BuildRequest> and Signed<BuildUploadTokens>
<gchristensen>
oops
<gchristensen>
Signed<BuildRequest> and Signed<BuildResponse>. BuildResponse contains what was built and its reproducibility status. so I have a signature from everyone who built as to what they decided
<tilpner>
Sure, you have the responses, but how do I get those responses too?
<gchristensen>
I can publish them
<tilpner>
And then I can verify you didn't alter them
<gchristensen>
yes
<tilpner>
But I can't verify you omitted none
<tilpner>
Or am I missing something?
<tilpner>
You could just selectively only publish the good ones
<gchristensen>
no, you're not missing anything
<gchristensen>
if you don't want to trust me, talk to the builder
<tilpner>
That's what I meant above
<gchristensen>
actually, a blockchain-like thing is the right thing here and I know it
<tilpner>
But it requires that I have a list of builders
<tilpner>
And that they publicly expose their results
<tilpner>
gchristensen: How many chronicle instances would exist here, and who would host them? Would this require registering chronicles with every verifier?
<gchristensen>
tilpner: I'm going to go ahead and reiterate that I'm not actually very interested in spending a lot of work solving this problem, but if somebody did want to, I would like that
<tilpner>
It was you who mentioned chronicle, and I wanted to understand your proposed usage of it
<jtojnar>
worldofpeace: it is weird since I had emoji fonts working without disabling penultimate explicitly
<worldofpeace>
jtojnar: yeah that's weird. I didn't see that working before, I guess I'll check to be sure and with multiple fonts.
<jtojnar>
but penultimate does not appear to have changed since 2017 in any big way
<jtojnar>
worldofpeace: as I mentioned yesterday, the issue I have with installing noto emoji font is that it takes precedence over Joypixels
<worldofpeace>
jtojnar: right, and perhaps I could cause that issue for others by including it default. I think I've read about this issue before with people trying to correct the precedence of which font in GNOME even.
<jtojnar>
samueldr: great to hear about the mobile-progress
<worldofpeace>
jtojnar: so we just need substitution rules (I guess)
<worldofpeace>
that's probably something missing from penultimate then
<worldofpeace>
wait do we lack an emoji family?
<jtojnar>
worldofpeace: I have it in /nix/store/xvbcgrl4ipwjgl624gwn16x8a8xfqfdq-fontconfig-2.12.6/etc/fonts/conf.d/45-generic.conf as deescripbed by the repo
<jtojnar>
worldofpeace: you are right, it seems to be missing from penultimate