Wed Jun 10 20:14:36 UTC 2020

On Wed, Jun 10, 2020 at 11:51:44AM -0400, Leo Wandersleb wrote:
> Sure but I found it confusing in combination with the quorum logic. If I trust
> my 12 sock puppets, I can reach any quorum that only requires 5 signatures. Some
> slightly stronger concept of identity is needed if you go by a logic that says
> "at least 2 trustworthy rebuilders have to sign" so you don't fall vulnerable to
> wrench attacks.

I can share how we're approaching this problem in Arch Linux, one of the
projects with independent rebuilders (although the results aren't used
for anything security-sensitive yet):

The trick is that there's no "real" quorum. Anybody can set up and run a
rebuilder, but that doesn't mean that anybody actually cares about their
results. Also, Alice and Bob can have different opinions about whether
a package has been sufficiently independently verified or not.

It basically boils down to a reputation problem: you're supposed to pick
rebuilders that you consider to have a trustworthy reputation. If you
think that all of the "major" rebuilders are colluding, you can still run
your own rebuilder and raise concerns if you're having trouble
reproducing their results, but your positive results are most likely
going to be discarded unless people consider you trustworthy.
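To make the difference between a global numeric quorum and a per-verifier trust set concrete, here is an added example (not Arch Linux's rebuilder tooling, and not code from either poster). Each verifier carries its own policy: a set of rebuilders it has chosen to believe and a threshold. Attestations from anyone outside that set are ignored entirely, so twelve sock puppets satisfy only the person who chose to trust them, and a single trusted rebuilder that cannot reproduce the artifact turns the verdict into "disagreement" rather than being outvoted. The rebuilder names, the package, the hashes and the four verifiers' policies are constructed for illustration, and the attestations are assumed to have already had their signatures checked against the rebuilder's key.

```python
"""Per-verifier rebuilder trust policy (added example, not Arch Linux code)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Tuple


@dataclass(frozen=True)
class Attestation:
    rebuilder: str        # identity whose signature covered this result (assumed verified)
    package: str
    version: str
    artifact_sha256: str  # hash of the artifact this rebuilder produced


@dataclass(frozen=True)
class TrustPolicy:
    trusted: FrozenSet[str]  # rebuilders this particular verifier chooses to believe
    min_agreeing: int        # how many distinct trusted rebuilders must confirm the hash


def evaluate(policy: TrustPolicy, package: str, version: str, distributor_sha256: str,
             attestations: Iterable[Attestation]) -> Tuple[str, FrozenSet[str], FrozenSet[str]]:
    """Return (verdict, agreeing_rebuilders, disagreeing_rebuilders) for one verifier."""
    agreeing, disagreeing = set(), set()
    for a in attestations:
        if a.package != package or a.version != version:
            continue  # evidence about some other build, not this one
        if a.rebuilder not in policy.trusted:
            continue  # unknown or untrusted rebuilder: counts for nothing, however many there are
        # Sets keyed by identity, so repeated attestations from one rebuilder count once.
        (agreeing if a.artifact_sha256 == distributor_sha256 else disagreeing).add(a.rebuilder)
    if disagreeing:
        verdict = "disagreement"  # someone you trust could not reproduce it: raise concerns
    elif len(agreeing) >= policy.min_agreeing:
        verdict = "verified"
    else:
        verdict = "insufficient"  # nothing wrong found, but not enough trusted confirmations yet
    return verdict, frozenset(agreeing), frozenset(disagreeing)


# --- constructed sample data -------------------------------------------------
PKG, VER = "openssl", "1.1.1g-1"
DIST_HASH = "a" * 64   # hash the distributor published (constructed)
OTHER_HASH = "b" * 64  # a non-matching rebuild result (constructed)

ATTESTATIONS = [
    Attestation("rebuilder-a.example", PKG, VER, DIST_HASH),
    Attestation("rebuilder-a.example", PKG, VER, DIST_HASH),   # duplicate, counted once
    Attestation("rebuilder-b.example", PKG, VER, DIST_HASH),
    Attestation("rebuilder-c.example", PKG, VER, OTHER_HASH),  # could not reproduce
    Attestation("rebuilder-b.example", PKG, "1.1.1f-1", OTHER_HASH),  # other version, ignored
] + [Attestation(f"puppet-{i:02d}.example", PKG, VER, DIST_HASH) for i in range(12)]

POLICIES: Dict[str, TrustPolicy] = {
    # Alice trusts two independent rebuilders and wants both to agree.
    "alice": TrustPolicy(frozenset({"rebuilder-a.example", "rebuilder-b.example"}), 2),
    # Bob also trusts rebuilder-c, which disagrees, so he reaches a different conclusion.
    "bob": TrustPolicy(frozenset({"rebuilder-a.example", "rebuilder-b.example",
                                  "rebuilder-c.example"}), 2),
    # Carol trusts only one rebuilder but demands two confirmations.
    "carol": TrustPolicy(frozenset({"rebuilder-a.example"}), 2),
    # The sock-puppet operator trusts their own puppets; nobody else's policy includes them.
    "puppet-master": TrustPolicy(frozenset(f"puppet-{i:02d}.example" for i in range(12)), 5),
}


def verdicts() -> Dict[str, str]:
    """Each verifier's own verdict on the same set of published attestations."""
    return {who: evaluate(p, PKG, VER, DIST_HASH, ATTESTATIONS)[0] for who, p in POLICIES.items()}


if __name__ == "__main__":
    for who, verdict in verdicts().items():
        print(f"{who:>14}: {verdict}")
```

The twelve puppet attestations are present in the shared data the whole time; they simply never enter Alice's, Bob's or Carol's tally, which is the "nobody cares about their results" property in code. Bob's "disagreement" verdict is the prompt to go and investigate rebuilder-c's result, not a vote that the other two outweigh.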

