You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If i understand correctly, the package hashes are lost after comparison.
Until we have some infrastructure to submit them, i suggest a pragmatic solution and just save them in a CSV file or no-sql db.
What datastructure do we need?
I spontaneously think of:
timestamp of hash calculation
nix store path of the package
maybe package name for better human readability
the hash of the built package
name of submitter
How could we be sure that it's actually built by the submitter? Sign it with PGP like git?
When we have infrastructure to submit the data (that could be a very simple webapp with nosql backend), we can just upload the data that we preserve now.
The text was updated successfully, but these errors were encountered:
If i understand correctly, the package hashes are lost after comparison.
Until we have some infrastructure to submit them, i suggest a pragmatic solution and just save them in a CSV file or no-sql db.
What datastructure do we need?
I spontaneously think of:
How could we be sure that it's actually built by the submitter? Sign it with PGP like git?
When we have infrastructure to submit the data (that could be a very simple webapp with nosql backend), we can just upload the data that we preserve now.
The text was updated successfully, but these errors were encountered: