Thanks for the interesting project! I tried finding notes regarding the actual federation protocol that would be used, but either couldn't find the right things or the decision has not been made yet.
Assuming the latter, may I suggest you consider ActivityPub as a base for the server to server protocol parts. The W3C backed protocol is flexible and well adopted in both the social networking world but also outside it. For example there is PeerTube which is a p2p video hosting platform that does s2s activity sharing over AP. Nextcloud has introduced AP for the social side of their platform.
When I say flexible, ActivityPub has built in support for extensions, which is what I would imagine a project like Entropic would make heavy use of. This would allow some limited compatibility without any extra effort to for example social applications to consume activities from Entropic (for example "package published", "version updated" etc.
Building a new protocol from scratch would not only leave you with solving all the basic problems of delivery and authentication, but also make Entropic fully not compatible with any other platform.
Thanks for the interesting project! I tried finding notes regarding the actual federation protocol that would be used, but either couldn't find the right things or the decision has not been made yet.
Assuming the latter, may I suggest you consider ActivityPub as a base for the server to server protocol parts. The W3C backed protocol is flexible and well adopted in both the social networking world but also outside it. For example there is PeerTube which is a p2p video hosting platform that does s2s activity sharing over AP. Nextcloud has introduced AP for the social side of their platform.
When I say flexible, ActivityPub has built in support for extensions, which is what I would imagine a project like Entropic would make heavy use of. This would allow some limited compatibility without any extra effort to for example social applications to consume activities from Entropic (for example "package published", "version updated" etc.
Building a new protocol from scratch would not only leave you with solving all the basic problems of delivery and authentication, but also make Entropic fully not compatible with any other platform.
Another specification being worked on currently which hits closer to package managers is ForgeFed, a specification for extensions on top of ActivityPub for forges like GitLab, Gitea, Gogs, etc. See https://notabug.org/peers/forgefed/ and https://talk.feneas.org/c/forgefed
For technical information about ActivityPub: https://www.w3.org/TR/activitypub/