Hi Jonathan,

On Tue, Aug 13 2024, Jonathan Frederickson wrote:

> the trouble is identifying "independent" seeders.

Thank you for your valuable perspectives on this important topic.

The serving of someone else's substitutes could also arise more innocently,
for example via a technical misconfiguration or because of an incentive
system that rewards the contribution of substitutes.

> you would want this to be an indication that multiple individuals were
> able to reproducibly build the same packages bit-for-bit.

> You may want a way for someone running a substitute server to
> additionally attest that they had individually built the derivation in
> question.

Is it possible for someone to reliably attest that they individually
built a reproducible work product?  I believe the needed variation in
inputs, like a hash, is incompatible with the goal of reproducibility.

Kind regards
Felix
