Hi Chris, nice to see this discussion, IMHO how GuixSD subsitutes are distributed is a key issue in our ecosystem and is _all_ about privacy and metadata *mass* collection most "normal users" are not concerned about this so they are fine with super-centralization since it's a convenience... not us :-) personally I've come to GuixSD because I see this project as a key part in liberating me from this class of problems Chris Marusich writes: [...] > A summary, in the middle of the long thread, is here: > > https://lists.debian.org/debian-project/2013/10/msg00074.html thank you for the reference, I've only read this summary the key part of it IMHO is "Q: Do CDNs raise more security/privacy concerns than our mirrors?" and the related subthread https://lists.debian.org/debian-project/2013/10/msg00033.html the quick reply to the above question is: yes, CDNs raise more secutiry/privacy concerns than "distributed mirrors" obviuosly "distributed mirrors" _does_ rise some security/privacy concerns but *centralization*... much more [...] > Judging by that email thread, one of the reasons why Debian considered > using a CDN was because they felt that the cost, in terms of people > power, of maintaining their own "proto-CDN" infrastructure had grown too > great. I'm still new to guixsd but understood enough to se we are much more well equipped to maintain our distributed network of substitutes caching servers... **transparently** configured :-) [...] > I also understand Hartmut's concerns. The risks he points out are > valid. Because of those risks, even if we make a third-party CDN option > available, some people will choose not to use it. probably I'll be one of those, I'm considering to maintain a caching substitute server in a "semi-trusted" colocated space and I'd be very happy to share that server with the community [...] > However, not everyone shares the same threat model. For example, > although some people choose not to trust substitutes from our build > farm, still others do. for this very reason IMHO we should work towards a network of **very trusted** build farms directly managed and controlled by the GuixSD project sysadmins; if build farms will be able to quickly provide substitutes, caching mirrors will be _much more_ effective than today ... and a network of "automated guix challenge" servers to spot not-reproducible software in GuixSD with a solid infrastructure of "scientifically" trustable build farms, there are no reasons not to trust substitutes servers (this implies working towards 100% reproducibility of GuixSD) > The choice is based on one's own individual > situation. Similarly, if we make a third-party CDN option available and > explain the risks of using it, Guix users will be able to make an > educated decision for themselves about whether or not to use it. that's an option... like a "last resort" in order to be able to use guixSD :-) we could also teach people how to setup their own caching servers and possibly share them with the rest of the local community (possibly with some coordination effort from the project sysadmins) for Milan I've plans to setup such caching mirror in Jan 2019 [...] happy hacking! Gio -- Giovanni Biscuolo Xelera IT Infrastructures