There are several points to improve a future PiƱata: attestation that the code running is the open sourced code […]
I feel like this problem is an interesting one with open source sites. How do we know that the code at https://github.com/jcs/lobsters is really the code running lobste.rs? Maybe jcs is really bumping up his fav stories to the top with a little vote randomization to make it look like he’s not just pulling the strings? Of course you wouldn’t do that :) but it looks like it may be a tough nut to crack in open source. Maybe some kind of read-only SSH? I really have no clue what it’ll take.
Any system that depends on me hitting your server is game over. If jcs wants to rig his website he can also rig a chrooted SSH that shows the public lobsters while the real thing happens elsewhere.
I feel like this problem is an interesting one with open source sites. How do we know that the code at https://github.com/jcs/lobsters is really the code running lobste.rs? Maybe jcs is really bumping up his fav stories to the top with a little vote randomization to make it look like he’s not just pulling the strings? Of course you wouldn’t do that :) but it looks like it may be a tough nut to crack in open source. Maybe some kind of read-only SSH? I really have no clue what it’ll take.
Any system that depends on me hitting your server is game over. If jcs wants to rig his website he can also rig a chrooted SSH that shows the public lobsters while the real thing happens elsewhere.
I think the only approach towards that is a radical reimagining of how we think about programs - something a la Joe Armstrong’s global key-value function store thought experiment.