"Jonathan Frederickson" <jonat...@terracrypt.net> writes: > Guix accepting substitutes from servers without trusted signing keys if the > same substitutes are available bit-for-bit on a trusted substitute server > felt like it could be a hint at something. But your trusted build servers > need to have built a package anyway for you to accept the same package from > an untrusted one, so that doesn't avoid needing a lot of computing power in a > trusted build farm.
Hello! Wouldn't it be enough to have a few independent seeders that have the same derivation output? We could have a field in the p2p service type which allows the user to configure a "level of trust", where the user specifies the minimum number of seeders with the same output for the daemon to accept the substitute. Regards, Sergio.
