From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark H Weaver <mhw@netris.org>
Subject: Re: armhf build machines
Date: Tue, 08 Dec 2015 14:39:01 -0500
Message-ID: <87zixkybl6.fsf@netris.org>
References: <20151207111424.6297eea2@debian-netbook>
	<20151207103646.GA5390@debian.eduroam.u-bordeaux.fr>
	<20151207182817.GA24951@jasmine> <87bna1svy1.fsf@gnu.org>
	<87y4d5zips.fsf@netris.org> <87fuzc7tb4.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56542)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1a6O6U-0001Pg-2d
	for guix-devel@gnu.org; Tue, 08 Dec 2015 14:39:14 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1a6O6R-0003Ei-Cn
	for guix-devel@gnu.org; Tue, 08 Dec 2015 14:39:14 -0500
In-Reply-To: <87fuzc7tb4.fsf@gnu.org> ("Ludovic
	\=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
	\=\?utf-8\?Q\?s\?\= message of "Tue, 08 Dec 2015 18:18:23 +0100")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: guix-devel@gnu.org

ludo@gnu.org (Ludovic Court=C3=A8s) writes:

> Mark H Weaver <mhw@netris.org> skribis:
>
>> ludo@gnu.org (Ludovic Court=C3=A8s) writes:
>>
>>> Leo Famulari <leo@famulari.name> skribis:
>>>
>>>> What sort of machine would be appropriate for hydra?
>>>
>>> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least.
>>
>> I would also add that it should run Libreboot, for which the ASUS
>> KGPE-D16 is currently the best supported server-class motherboard.
>
> Right, I would prefer it as well; I hope we can find such rackable
> servers.
>
> If it turns out that all we can buy in practice is an ME-backdoored
> server,

Under what set of circumstances would this be the case?  The ASUS
KGPE-D16 is widely available.  It's even available pre-flashed with
Libreboot from minifree.org, the company run by Francis Rowe, the
creator of Libreboot.

> I *might* be willing to take it, with the understanding that it
> would become less and less of a single point of trust (assuming more of
> our package builds become reproducible, and other users publish binaries
> as well.)

If hydra is compromised, then its private key could be stolen and
facilitate targetted delivery of malicious binary substitutes to
individual users.  The existence of other users who run 'guix challenge'
would not prevent that, afaict.

Anyway, to my mind, the security issues are secondary.  We should avoid
running non-free software wherever feasible.  It is now fairly easy for
us to arrange for hydra.gnu.org to run 100% free software from the boot
firmware up.  Given this, and our commitment to free software, I'm
surprised that we would not make this a priority.

More thoughts?

      Regards,
        Mark