Hi Mark, sorry for the late reply
Mark H Weaver <m...@netris.org> writes: > Giovanni Biscuolo <g...@xelera.eu> writes: >> with a solid infrastructure of "scientifically" trustable build farms, >> there are no reasons not to trust substitutes servers (this implies >> working towards 100% reproducibility of GuixSD) > > What does "scientifically trustable" mean? I'm still not able to elaborate on that (working on it, a sort of self-research-hack project) but I'm referencing to this message related to reduced bootstrap tarballs: https://lists.gnu.org/archive/html/guix-devel/2018-11/msg00347.html and the related reply by Jeremiah (unfortunately cannot find it in archives, Message-ID: <877eh81tm4....@itsx01.pdp10.guru>) in particular Jeremiah replied this: --8<---------------cut here---------------start------------->8--- > so, if I don't get it wrong, every skilled engineer will be able to > build an "almost analogic" (zero bit of software preloaded) computing > machine ad use stage0/mes [1] as the "metre" [2] to calibrate all other > computing machines (thanks to reproducible builds)? well, I haven't thought of it in those terms but yes I guess that is one of the properties of the plan. --8<---------------cut here---------------end--------------->8--- and --8<---------------cut here---------------start------------->8--- > so, having the scientific proof that binary conforms to source, there > will be noo need to trust (the untrastable) Well, that is what someone else could do with it but not a direct goal of the work. --8<---------------cut here---------------end--------------->8--- maybe a more correct definition of the above "scientific proof" should be "mathematical proof" I lack the theoretical basis to be more precise now, sorry :-S a marketing-like campaign sould be "no more trusting trust" best regards Giovanni -- Giovanni Biscuolo Xelera IT Infrastructures
signature.asc
Description: PGP signature