qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/
<qyliss> ehmry: I’ve also been offered NixOS’ hydra, but it’s not availability that’s the problem, it’s trustworthiness of the build hardware.
<ehmry> qyliss: yes, it would be nice to have some tooling to compare build artifacts across multiple hydras
<qyliss> Yeah, that would be good
<qyliss> At that point I may take you up on the off
<qyliss> Offer
<qyliss> the work gchristensen has been doing on r13y.com has been good and interesting. Can probably use it.
<adisbladis> I was toying with using blockchains for trusting untrusted builds. If you've ever seen https://en.wikipedia.org/wiki/Convergence_(SSL) I was thinking something similar for binary artifacts where all hashes are stored in an immutable ledger.
<adisbladis> Obviously it would only work for reproducible builds
<adisbladis> But only being able to substitute reproducible builds may not be so bad?
<qyliss> I'm skeptical of anything with the word 'blockchain' in it :P
<qyliss> I think the hard problem will be, how do you know a build is reproducible?
<qyliss> I can set up five computers and have them all claim to have produced my malicious payload
<qyliss> So trust becomes important
<adisbladis> qyliss: You'll have trust agility, anyone can publish a drv-hash and the resulting output hash. It would be up to you to decide who to trust.
<qyliss> Yeah.
<adisbladis> And if everyone would produce different output hashes that build would never be substituted :)
<adisbladis> Because trust could never be established
<adisbladis> Blockchain or not doesn't matter, it does have some interesting properties for the use case though
<qyliss> sure
<qyliss> I think this is a much harder problem than it initially seems, so I'm hesitant to commit to anything in this direction yet.
<adisbladis> qyliss: I think you can consider that orthogonal to spectrum-os
<qyliss> yeah
<qyliss> I'm not sure if the problem has yet been solved sufficiently for me to be able to make use of it.
<ehmry> I think the "reproducible builds" project is coming along well enough, r13y.com is using their tools already
<qyliss> Oh yeah.
<ehmry> at some point they will have to do something about notaries I think
<qyliss> It's trust that's the big problem right now I think.
manveru has joined #spectrum
<adisbladis> qyliss: Where is the name Spectrum coming from?
<qyliss> You ever seen a Qubes system, with all the coloured windows?
<qyliss> I wanted to call it Prism, because it focuses different colours into a single thing
<qyliss> But PRISM has... bad connotations in this space :P
<adisbladis> qyliss: Ahh, makes sense :)
ehmry has quit [Ping timeout: 245 seconds]
andi- has quit [Ping timeout: 264 seconds]
ehmry has joined #spectrum
andi- has joined #spectrum
ehmry has quit [Ping timeout: 245 seconds]
spacekookie has quit [Read error: Connection reset by peer]
spacekookie has joined #spectrum
lejonet has joined #spectrum
lejonet has quit [Ping timeout: 258 seconds]
lejonet has joined #spectrum