[transitive trust]: laut development stream week 🚧

I recently announced laut at #OceanSprint.

Laut is my attempt to write a proof of concept for the ideas from my paper about eliminating transitive trust from systems like Nix.
If you are curious about those ideas I’d recommend you watch my NixCon talk, or listen to the episode about it on Full Time Nix.

:rotating_light: It’s by far not ready for users yet, because basically nothing is working. :rotating_light:

BUT I had a great time at OceanSprint working on it with, and being surrounded by, people who also care about the idea of making Nix live up to its potential and become a better tool for supply chain security. :heart:

So I want to turn next week into :construction: laut development stream week :construction:, and I will spend some of my hours from Monday to Friday working on it in public on twitch.tv/martin_builds_stuff.

I’m new to this, and I’m happy to just see people drop by and hang out, but I’m also eager to help people get started, if they want to contribute in some way. :sweat_smile:

The times I have planned so far are:

  • 2025-04-07T12:00:00Z to 2025-04-07T13:00:00Z
  • 2025-04-08T12:00:00Z to 2025-04-08T13:00:00Z
  • On Wednesday no specific time was planned, but there were 2 streams
  • 2025-04-10T12:30:00Z to 2025-04-10T15:00:00Z
  • Invalid date2025-04-11T14:00:00Z (maybe longer to get things working)

I will update this schedule as I go.

The overall goal for the week is getting nixpkgs#hello to verify, in the sense that we do dependency resolution for CA derivations, but without actually validating the new signatures for now. At the same time I can also imagine adapting the focus of individual streams towards what people are interested in or want to work on. :smile:

Maybe I’ll see you there!

13 Likes

Thanks to those that stopped by and had a look at the stream. :pray:

For this one I mostly ended up explaining the project and what I am stuck on right now.

I don’t know what I’m going to do with the VODs yet, but for now I’ve published the first stream on Twitch, in case anyone wants to take a look. :smile:

3 Likes

I ended up streaming twice yesterday, not realizing that for the first stream my audio was not working. :joy: So only the 2nd one is available as a VOD.

On the plus side I made great progress by fixing a discrepancy in the test data. So I was able to confirm that how I implemented resolved upstream placeholders at #OceanSprint is actually working, and that I don’t need to do anything to the inputSrc list. :partying_face:

So I’m stuck on some other bug in test data generation now:

I will take a quick look at this on stream in a few minutes, before lunch. Ideally we will be able to fix it and then wait for however long generating new test data will take. If that finishes early enough today I will go live a second time later today. :smile:

1 Like

The laut development stream week is over now. It was a fun and successful week.

We managed to make dependency resolution and signature verification work for the content-addressed hello binary in our unit tests. :partying_face:

I have since also made the same thing work end-to-end in our VM test, also in CI.

If you want to try this yourself outside of those tests, be prepared for surprises, because

  • the input hashes depend on the stability of nix derivation show, which is not stable across implementations,
  • passing more than one key does not do the correct thing yet,
  • I have not figured out how to retrieve the signatures from S3 outside the VM test. :see_no_evil: I’m new to the S3 API.

Next steps for me will be working on configurable trust models, assuming I can keep myself from jumping into adding support for input addressed derivations and don’t find anyone who wants to work on a reproducible, attestable builder. :mag_right:

I have put the recordings from the stream up on YouTube now, and spent way too much time making thumbnails in the process. :joy:

You can find the recordings here:
https://www.youtube.com/playlist?list=PLJTMKJ1H0Niz10T0mkodotgLkMaoppYLA

6 Likes