by thom 2036 days ago
Ah, I think I'm misunderstanding the intent here. Clearly P2P distribution of checksummed binaries can be safe, I was just wondering if there were a solution to the build farm being behind. It seems like you can't really trust the first build of any artifact unless it comes from a central source.

There have been discussions of an "N of P" distribution, i.e. if 80% of available peers (or substitute servers) advertise the same build result, then treat it as safe.

I expect that both will be implemented, and the choice left up to the user.

Unless I'm massively underestimating the number of Guix users, that seems quite easy to exploit.
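The two points raised above, the "N of P" rule (accept a build result once a fraction of advertising peers agree on it) and the worry that a pure fraction is easy to game when the peer population is small, can be made concrete. The following is an added example written for this thread; it is not code from Guix or from any commenter. Peer names, the `ci.example.org` server, the hashes and the policy numbers are all constructed. It puts the plain rule beside a hardened variant that also demands an absolute quorum of distinct advertisers and agreement from at least one already-trusted substitute server, and it evaluates both rules against the same small population with and without a burst of newly appeared peers advertising a different hash.

```python
"""N-of-P substitute verification: the plain fraction rule beside a hardened
variant.  Added example for the discussion; all names and hashes are constructed."""
from collections import Counter
from dataclasses import dataclass

# Constructed placeholder hashes for one store item.
GOOD_HASH = "sha256:good-0000"   # constructed
BAD_HASH = "sha256:bad-ffff"     # constructed


@dataclass(frozen=True)
class Advert:
    peer: str          # peer or substitute-server identity (constructed)
    output_hash: str   # hash of the build result this advertiser claims


@dataclass(frozen=True)
class Policy:
    threshold: float = 0.8             # "80% of available peers"
    min_advertisers: int = 1           # hardened: absolute quorum, not only a fraction
    trusted: frozenset = frozenset()   # hardened: servers whose signing key we already trust


def tally(adverts):
    """Count distinct advertisers per hash; repeated adverts from one peer count once."""
    by_peer = {a.peer: a.output_hash for a in adverts}
    return Counter(by_peer.values()), by_peer


def plain_n_of_p(adverts, threshold=0.8):
    """The rule as described in the thread: accept a hash once at least
    `threshold` of all advertisers agree on it, whatever their number."""
    counts, by_peer = tally(adverts)
    if not by_peer:
        return None
    best, n = counts.most_common(1)[0]
    return best if n / len(by_peer) >= threshold else None


def hardened_n_of_p(adverts, policy):
    """Same fraction test plus two extra conditions a defender would want:
    enough distinct advertisers overall (a fraction of three peers means little),
    and at least one trusted server among those agreeing.  On any failure the
    result is None, i.e. 'do not trust this substitute', never the other hash."""
    counts, by_peer = tally(adverts)
    if len(by_peer) < policy.min_advertisers:
        return None
    best, n = counts.most_common(1)[0]
    if n / len(by_peer) < policy.threshold:
        return None
    agreeing = {p for p, h in by_peer.items() if h == best}
    if policy.trusted and not (agreeing & policy.trusted):
        return None
    return best


# Constructed scenario: a small honest population of four peers plus one
# trusted substitute server, all advertising the same build result.
HONEST = [Advert(f"peer-{i:02d}", GOOD_HASH) for i in range(1, 5)]
HONEST.append(Advert("ci.example.org", GOOD_HASH))

# Constructed: 21 previously unseen peers advertising a different hash.
FLOOD = [Advert(f"new-peer-{i:02d}", BAD_HASH) for i in range(1, 22)]

POLICY = Policy(threshold=0.8, min_advertisers=5,
                trusted=frozenset({"ci.example.org"}))


def evaluate():
    """Run both rules over the constructed scenarios and return the decisions."""
    return {
        "plain/honest": plain_n_of_p(HONEST),
        "hardened/honest": hardened_n_of_p(HONEST, POLICY),
        "plain/flooded": plain_n_of_p(HONEST + FLOOD),
        "hardened/flooded": hardened_n_of_p(HONEST + FLOOD, POLICY),
        "hardened/too-few": hardened_n_of_p(HONEST[:3], POLICY),
    }


if __name__ == "__main__":
    for name, decision in evaluate().items():
        print(f"{name:18s} -> {decision}")
```

With the honest population both rules accept `GOOD_HASH`. Once the flood is added the plain rule flips to `BAD_HASH` because 21 of 26 advertisers now agree, which is the failure mode the thread points at; the hardened rule refuses to accept anything, because none of the agreeing advertisers is a trusted server. The quorum check also keeps the hardened rule from treating three peers in perfect agreement as evidence of anything.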