Hello Brice,

Wed 17 Jun 2020 at 08:37:59 (1592393879), brice@waegenei.re wrote:
> Hello André,
>
> Thank you for the patch and your feedback!

It's me who should be thanking you!

> When writing this section of the cookbook I was worried that some
> readers will misunderstand it so I added a big warning at the
> front but it doesn't seem to be enough since you sent this mail.

Sorry to disturb you, your warning was clear enough. I've only thought that there was room for improvement whilst there remains the need for a proper solution to the problem at hand.

> I would like to keep the warnings at the beginning of the section
> to be sure that readers don't miss it when skimming through it.
> Any rewording of that part to make the scope of the section or
> the warnings more clear is welcome.

Attached follows a new version of the previous patch which changes the comment to the warning quote. I had previously thought that it would be worse to inflate the warning with this comment, even more so as the section's title already mentions it's related to substitutes.

> Note that this section is only about getting *substitutes* through
> tor and it should probably be kept that way to avoid confusing the
> user in regard to what (narrow) security benefit this configuration
> offers.

Note taken, but it seems to me that if someone is going through the trouble of configuring guix to get substitutes through Tor, such a person would most likely also wish to update guix through the same network. It does nothing to fix the possible leaks when substitutes aren't available, but it makes it clear that it's possible/advisable in such a scenario to pull using torsocks. I don't think it misinforms users.

> On a wider front I would prefer to have a foolproof configuration
> that routes *all* guix related traffic through Tor, instead of that
> half-way setup. Providing a way to 'torify' any service with
> something like 'make-forkexec-constructor/trosocks', as
> 'make-forkexec-constructor/container' does for containerizing a
> service, would be great[0]. A less engaged option would be to
> make 'guix-daemon' compatible with 'torsocks' since doing so
> makes guix unusable[1].

I too would prefer it, but a half-way setup is what we have for now. So a three-quarters-way would be an improvement though not the fix we're in need of. I'll dig deeper and will come back to you if I make any progress.