Belated as all sin, but I guess I had some (likely incomplete) cliff notes if no one else has... I'll try to provide attribution but mea cupla if I munge words or mistranslate!
### Efficient traversal:
We talked about ways to enable verifying "X-vn.m is the latest version of X" cheaply e.g. without downloading vasty/unbounded amounts of history.
BenL shares a story for that: a function for reducing the BT log to a map. This sounds like an effective way to put a cinch on things once and a while: assuming a client can trust the map, and getting their item of interest out of the map is cheaper than downloading additional ranges of history, they only need download and check history until they reach a map checkpoint.
dkg raises that this kind of delegation re-introduces a weakening trust centralization. But perhaps we can account for it by logging an objecthash of the map itself periodically? And then ensuring the func(stream)->map itself is publicly specified, deterministic, and verifiable. (Do we then log the community attestations, signed, back to the log?)
I'd love to describe a way to chunk up sub-maps in a reasonably deterministic way so we could do sharded verification. (This kind of resonates to me like using rabin fingerprinting to deterministically split large files into chunks...?) But this is an optimization problem, and maybe better served simply by human choices (e.g. here's the map for debian-latests, here's the map for freebsd-latests, etc).
### Object/tree hashing as the primitive in distribution:
dkg shared some thoughts about using merkle trees as the basis of distro packaging -- make sigs on roots of hash trees instead of per package. (I think there were a lot of noddings visible...)
### Splitting / Dovetailing of logs?
dkg has some ideas about the possible utility of having more than one log (topic logs?) and dovetailing them into another -- not sure I took good notes on this topic, I'll leave it to others to expand on.
I had some concerns about topic-limited logs meaning rarer updates, which may in some ways weaken the property of the log for pinning things at older dates. Others responded that periodically doing sigs on tip with short TTLs addresses this. (I still kind of have concerns about that but don't really know how to articulate them clearly so I'll punt until further notice... I think I'm interested in a "at least as old as X" property whereas our more common worry is up-to-dateness (which is the opposite direction and is indeed addressed by tip sigs), maybe?)
End-of-Notes.
Meta: ISTM we had a lot of ponderings about how to split things (easy) and how to merge them again (probably more tricky, because link/dovetail patterns would need to be well defined if we wanted automatic verification to traverse them). Not sure we have a list of folk's various concerns fuelling this e.g. manageability vs scalability etc, might be a useful list to gather in the future?
Cheers
E