julien on Nostr: more sources is better for sure, but the first sentence isnt necessarily true. How ...
more sources is better for sure, but the first sentence isnt necessarily true. How Nix works is the derivation has the output hash before its built. If i evaluate the build recipe and get a derivation output hash, i can then query a remote cache for that build hash.
Nix the package manager will check if the received binary matches what we expected. So youre trusting your own eval of the build, but getting the remote binary for it. Pretty neat imo.
Cool project in this vein
https://nix-community.github.io/trustix/Published at
2024-08-28 08:49:56Event JSON
{
"id": "d9dcd4720579dcda23332b9290144488bcac5187ca3d8772413f2077f0d3dcd4",
"pubkey": "2bb507e8086248747d2ec5009a70ccdbe0be9310fa612952923c8579e5aa8044",
"created_at": 1724834996,
"kind": 1,
"tags": [
[
"e",
"6c7e707f218aaeeca84e64414eaafecb92d3e1ff19c394021bef121b83a6a793",
"",
"root"
],
[
"e",
"91299d32142a94a344d251723db810e10620e5d257c22e88ec05979581173303"
],
[
"e",
"1c7829e61b8d8b7829d6ae492fb274db2f6fb8a36a5189086d2036a4f39cbf32",
"",
"reply"
],
[
"p",
"2bb507e8086248747d2ec5009a70ccdbe0be9310fa612952923c8579e5aa8044"
],
[
"p",
"a008def15796fba9a0d6fab04e8fd57089285d9fd505da5a83fe8aad57a3564d"
],
[
"r",
"https://nix-community.github.io/trustix/"
]
],
"content": "more sources is better for sure, but the first sentence isnt necessarily true. How Nix works is the derivation has the output hash before its built. If i evaluate the build recipe and get a derivation output hash, i can then query a remote cache for that build hash. \nNix the package manager will check if the received binary matches what we expected. So youre trusting your own eval of the build, but getting the remote binary for it. Pretty neat imo. \n\nCool project in this vein https://nix-community.github.io/trustix/",
"sig": "f7b75c2c381cf7eab5928979c59f99f6de56e95e7b1d6b9b1fd68f4d20f24a1c8f6c8ebcf98515fc37495199ebf721b853396ed54de0bb13edcc9647e0f1baff"
}
