From mboxrd@z Thu Jan  1 00:00:00 1970
From: Pierre Neidhardt <mail@ambrevar.xyz>
Subject: Guix and remote trust
Date: Thu, 12 Dec 2019 15:23:33 +0100
Message-ID: <87eex9r5ay.fsf@ambrevar.xyz>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:35849)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <mail@ambrevar.xyz>) id 1ifPNR-0003dR-K5
 for help-guix@gnu.org; Thu, 12 Dec 2019 09:23:38 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <mail@ambrevar.xyz>) id 1ifPNQ-00065H-0Q
 for help-guix@gnu.org; Thu, 12 Dec 2019 09:23:37 -0500
Received: from relay11.mail.gandi.net ([217.70.178.231]:37131)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <mail@ambrevar.xyz>) id 1ifPNP-00062F-P5
 for help-guix@gnu.org; Thu, 12 Dec 2019 09:23:35 -0500
Received: from mimimi (lfbn-1-4156-76.w92-169.abo.wanadoo.fr [92.169.151.76])
 (Authenticated sender: mail@ambrevar.xyz)
 by relay11.mail.gandi.net (Postfix) with ESMTPSA id A54C310000D
 for <help-guix@gnu.org>; Thu, 12 Dec 2019 14:23:33 +0000 (UTC)
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: help-guix@gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi!

Guix gives lots of guarantees locally: packages can be --check'ed,
profiles are reproducible, etc.

I am wondering whether Guix can still provide more guarantees than
non-functional package managers / OS when running on a remote machine
(controlled by an non-trusted third-party) with, say, SSH root access.

For instance, can we somehow have the guarantee that the remote machine
is the Guix we installed and hasn't been tampered with?

I'm not sure whether I'm asking something trivial or not.  If the
latter, I'd be happy to read more literature about it.

What do you people know on the topic?

=2D-=20
Pierre Neidhardt
https://ambrevar.xyz/

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEUPM+LlsMPZAEJKvom9z0l6S7zH8FAl3yTWUACgkQm9z0l6S7
zH9n1gf/TWP8ObOWeuQy59NIh6tGwPI6fIAw87P/G97/GyjiL6lgbl0oaAxzvrhA
oGgBNnL7qcqhl7c+udMJNi6ax4TZGh47TyGy5TQ8Zd6mzVp2ESSA/K8em9dKuH+C
8Aq4wrkIGxb49dLwD/6eln93kKfnv1Rztow13EOldQRdo1ob77ME37rOhFGHEUdX
h4HURurYhEfN2yPQcwAaYMQu2ozxckr6sFe/3MTDp7H/SwArQkC0hq2gg8jbutht
TL+2zrpjBM8aPmWfkGy7jrK0ghSIWrCOyPS7B5qOecZW6MrUG9Pv3Ntr3JUWCIvO
6R1BGq+OQh0gLs5xnA4kB0PMdTozUA==
=2EmD
-----END PGP SIGNATURE-----
--=-=-=--