Evil plan: Mini-PAUSE on everybody's machine, use web frontend for CPANPLUS::Backend to form mini-search.cpan.orgs; use onionnets to distribute load, and run cpansmoke to generate .par binary packages for each module that passes test.
The use case I have in mind is like this:
There's a dedicated, presumably relatively safe, cluster of machines generating .par binaries and signing them.
There is also a wide range of p2p people running tests from the sources; assuming the same architecture, the resulting binary should checksum identically. The onionnet is just for distributing the signed binaries generated by the central cluster.
The .par they generate is checksum-compared with the ones built independently by the outer circles.
So, from a peer's point of view:
0) Grab a source, compare with signed checksum
1) Test it
2) Build independent packages and compare them with the central images
3) If they match, just start distributing from there, onionnet-style
4) If they don't, or tests fail, notify the appropriate owners
We have code to do 0 (my patched CPAN::Checksum and CPANPLUS::Source), 1 (cpansmoke), 2 (CPANPLUS::Dist::PAR), 4 (Test::Reporter, and soon cpanbug via Net::RT); 3 needs a little adapting.
It's like people doing 'make package' under FreeBSD ports and comparing them with bento images -- and if they match, sending it to their friends.
That way, their friends can confidently get binary packages.
That's more or less what the NAPCPANTS project could be about in my mind.
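The peer-side steps 0 to 4 above, as an added sketch that is not code from this post or from CPANPLUS. It goes one step further than the text by showing what "should checksum identically" needs in practice: the archive (a .par is a zip file) has to be built with sorted names and pinned metadata. The names `build_package`, `peer_decision`, the manifest keys and the sample data are assumptions, and the central manifest is assumed to have had its signature verified already.

```python
import hashlib
import io
import zipfile

FIXED_MTIME = (1980, 1, 1, 0, 0, 0)  # constant timestamp for every archive member


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_package(files: dict, mtime=FIXED_MTIME) -> bytes:
    """Hypothetical stand-in for the packaging step; emits a zip with sorted
    names and pinned metadata so equal inputs give byte-identical output."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=mtime)
            info.create_system = 3            # pin the "host OS" header field
            info.external_attr = 0o644 << 16  # pin file permissions
            zf.writestr(info, files[name])
    return buf.getvalue()


def peer_decision(source: bytes, manifest: dict, run_tests, build) -> str:
    """Steps 0-4 from the peer's side. `manifest` holds the central cluster's
    checksums and is assumed to be signature-verified already."""
    if sha256_hex(source) != manifest["source_sha256"]:
        return "reject-source"           # step 0 failed
    if not run_tests(source):
        return "report-test-failure"     # step 4
    if sha256_hex(build(source)) != manifest["package_sha256"]:
        return "report-build-mismatch"   # step 4
    return "distribute"                  # step 3


# Constructed sample data: a one-file distribution and the central manifest.
SOURCE = b"package Acme::Demo;\n1;\n"

def demo_build(src: bytes) -> bytes:
    return build_package({"lib/Acme/Demo.pm": src, "META.yml": b"name: Acme-Demo\n"})

MANIFEST = {"source_sha256": sha256_hex(SOURCE),
            "package_sha256": sha256_hex(demo_build(SOURCE))}

if __name__ == "__main__":
    print(peer_decision(SOURCE, MANIFEST, lambda s: True, demo_build))
```

A build that stamps members with the current time produces different bytes on every peer, so without the pinned metadata every honest peer would land in the mismatch branch.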