# Ideas for GSOC 2024 ### Rattler improvements [Rattler](https://github.com/mamba-org/rattler) is a low-level open-source library written in Rust that implements features to handle conda packages: resolving, installing, downloding and more. Ideas: - **Implement repository mirrors for rattler in Rust** **Scope**: 350 hours (medium) **Description**: In the conda world you can define a "channel" from which you want to get the package from. This is, for example, "conda-forge", or "pytorch", etc. We would like to implement the ability to define a channel and multiple "mirrors" of the channel that host the same packages (verified by checking their SHA256 hashes). `rattler` would need the ability to select the best (e.g. geographically closest) mirror, attempt a download, and fail over to another mirror if – for example – the file is not available from said mirror yet. **Skills**: Networking, Rust **Expected Outcomes**: an implementation in `rattler_networking` that supports selecting the fastest mirror, and intelligently switches mirrors based on download speed and reliability. Stretch goals are OCI support (to be able to download from arbitrary OCI artifacts) and S3/Google Storage support (e.g. using OpenDAL). **Mentors**: Wolf Vollprecht, Bas Zalmstra - **Implement package signing for conda packages in Rust** **Scope**: 350 hours (hard) **Description**: We would like to further solidify rattler & implement "TUF" support (the Update Framework). TUF is a reference in terms of security for package registries and has been implemented in `mamba` and `conda` (`conda-content-trust`). Based on those two implementations we would like to implement TUF support in a similar fashion. Furthermore, we would then like to understand how we can integrate with `sigstore.dev` for enhanced Supply Chain Security. **Skills**: Cryptography, Rust **Expected Outcomes**: An implementation of package signing using the sigstore crate and TUF that is merged in rattler. **Mentors**: Wolf Vollprecht, Bas Zalmstra ### resolvo improvements [Resolvo](https://github.com/mamba-org/resolvo) is a high performance SAT solver that is used in `rattler` to solve conda package dependencies and in `rip` to solve PyPI package dependencies. It is written from scratch in Rust and implements state of the art conflict drive clause learning. Ideas: - **Optimize the SAT solver `resolvo` further** **Scope**: 175 hours (medium) **Description**: Resolvo is our Rust-implementation of a fast package management SAT solver. We would like to implement some optimizations in the open source to fix some pathological cases for PyPI resolving. We recently made `resolvo` async for faster PyPI resolving but there could be more benchmarking for even faster speeds. Additionally there are some pathological cases where changing the order of backtracking could yield amazing speed ups. **Skills**: Optimization, Rust, Profiling **Expected Outcomes**: Fix some cases where resolvo / rip are currently slow by implementing e.g. SAT solver restarts. **Mentors**: Bas Zalmstra, Tim de Jager - **Implement a RPM resolver using `resolvo`** **Scope**: 350 hours (medium) **Description**: A prototype already exists under: https://github.com/prefix-dev/resolvo-rpm. We would need some additional features such as "suggest", "recommends", and "obsoletes" that are currently not implemented in `resolvo`. These features are available in `libsolv`, the SAT solver that many ideas in `resolvo` are based on. **Expected Outcomes**: A more complete RPM resolver prototype that works with actual packages and resolves suggested packages as well as taking care of obsoleted packages. A stretch goal would be the downloading and installing of actual RPM packages. **Skills**: Rust, Theoretical Computer Science **Mentors**: Wolf Vollprecht, Tim de Jager