by poelzi 29 days ago
Working hard on the github killer. Fully decentralized with a nearly unbreakable release system. Multiple parties need to produce the same artifacts in the release workflow. IKA then signs the release on the network side, you sign your release using a hardware token. The release pipeline analyses the source code for malware across the complete dependency chain. Rust + Nix + SUI + WALRUS + SEAL + IKA - a complete decentralized economy. A few more weeks until testnet :)

Use those few weeks to write a proper product description and pitch, because I just read your entire paragraph and am no closer to understanding what you're building.
I have built a proper workflow system for complex work that composes environments from nix flakes (very extended flakes) - it allows you to combine deterministic with agentic steps. The release process is a workflow in your project that requires generating reproducible outputs - nix does this for you. The network is basically a distributed CI system - multiple parties need to check and build your release. When all parties agree that the package is correct, the SUI smart contract gives its go. IKA is a multi-party encryption network which implements a novel MCP-2pc algorithm. Your release key is split in half - IKA has one part, you have the other. Only if both parties sign the transaction does your software package get released. Every party, even your PC, can be compromised, and it is very hard to just release malware in your package. The whole release pipeline needs to succeed and then you need to sign it with your hardware token. There are mandatory workflows in the release pipeline that check your software for side loading, comparing your dependency tree to the last version published, etc.

It is the largest project I have ever built, and I have been coding for 25 years.

I was just not satisfied with the agentic tools out there, nor with the CI / build infrastructure. Nix is nice, but the way packages are built / signed is just halfway to perfect.

We can be lucky that the github hack did not infect the CI infrastructure. Imagine you infect the compilers in github CI to add a sleeper worm that does nothing for a month...

Only if you have multiple parties building the same software with bootstrapped compilers, and every artifact is hash-compared, can you be sure it is legit.
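The release gate the comment describes (every party must produce a byte-identical artifact, dependency drift against the last published version is reviewed, and both the hardware-token and the network-side signature are required), as an added illustration that is not the project's code. Party names, hashes and dependency versions are constructed; the two signatures are modelled as plain booleans rather than the MCP-2pc split-key scheme.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class BuildReport:
    party: str
    artifact_sha256: str
    dependencies: dict  # crate name -> version, as seen by that builder


def artifacts_agree(reports, required_parties):
    """Every required party must report, and every reported digest must match."""
    reported = {r.party: r.artifact_sha256 for r in reports}
    missing = sorted(set(required_parties) - set(reported))
    if missing:
        return False, f"missing builds from: {missing}"
    digests = set(reported.values())
    if len(digests) != 1:
        return False, f"artifact mismatch between parties: {sorted(digests)}"
    return True, "all parties produced an identical artifact"


def dependency_drift(previous, current):
    """Diff the candidate's dependency tree against the last published release."""
    both = set(previous) & set(current)
    return {
        "added": sorted(set(current) - set(previous)),
        "removed": sorted(set(previous) - set(current)),
        "changed": sorted(n for n in both if previous[n] != current[n]),
    }


def release_allowed(reports, required_parties, previous_deps, hardware_signed, network_signed):
    """Combined gate: identical builds, no unreviewed new dependencies, both signatures."""
    ok, reason = artifacts_agree(reports, required_parties)
    if not ok:
        return False, reason
    drift = dependency_drift(previous_deps, reports[0].dependencies)
    if drift["added"]:  # a newly side-loaded dependency blocks the release until reviewed
        return False, f"new dependencies need review: {drift['added']}"
    if not (hardware_signed and network_signed):
        return False, "both the hardware-token and the network signature are required"
    return True, "release approved"


# Constructed sample data: three builders, the previous and the candidate dependency trees.
PARTIES = ["maintainer", "network-builder-1", "network-builder-2"]
GOOD = hashlib.sha256(b"constructed release tarball").hexdigest()
BAD = hashlib.sha256(b"constructed tampered tarball").hexdigest()
DEPS_PREV = {"serde": "1.0.200", "tokio": "1.37"}
DEPS_NEW = {"serde": "1.0.200", "tokio": "1.38"}


def honest_reports():
    return [BuildReport(p, GOOD, DEPS_NEW) for p in PARTIES]


def tampered_reports():
    reports = honest_reports()
    reports[1] = BuildReport("network-builder-1", BAD, DEPS_NEW)  # one compromised builder
    return reports
```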