From: zimoun
To: Tobias Geerinckx-Rice
Cc: guix-devel@gnu.org
Subject: Re: Public guix offload server
Date: Thu, 21 Oct 2021 20:04:05 +0200

Hi Tobias,

On Thu, 21 Oct 2021 at 18:31, Tobias Geerinckx-Rice wrote:
> zimoun wrote:
>> If I understand correctly, if a committer offloads to say Berlin or
>> Bayfront, your concern is that the output will be in the publicly
>> exposed store.  Right?
>
> No, that would be far worse.  I'm considering only a ‘private’
> offload server shared by several trusted users, where one
> compromised (whether technically or mentally :-) user can easily
> ‘infect’ other contributors in a way that's very hard to detect.
> ‘Trusting trust’ comes to mind.

Thanks for explaining.

Unseriously, I do not see the difference when several trusted users
push to a Git repo, where one compromised user can easily ‘infect’ other
contributors in a way that’s very hard to detect. ;-)

If a compromised user offloads something, how other users of the same
server would get this compromised stuff?  Maybe I miss something.
Considering trusted users (i.e., not conscientiously malicious), the
surface of the attack is reproducible builds; similarly to the current
situation of substitutes by CI.  What do I miss?

Well, I do not see the difference between a remote offload server and a
shared store on cluster (although probably worse because many users – at
least some I know – of clusters often do not really understand what
they do when using Guix ;-)).

> Now, we could spin up a separate VM for each user, and just take
> the efficiency hit…  Users would be safe from anything but
> VM-escape exploits (which exist but are rare).

Do you mean that trusted users would try VM-escape exploits?

>> A minimal job submission API with token would be ideal, IMHO.  But it
>> falls into:
>>
>>         Now is better than never.
>>         Although never is often better than *right* now.
>>
>>                         – python -c 'import this' –
>
> What does this mean?

It is The Zen of Python. :-)  These sentences express the complexity of
the right balance, IMHO.  Sorry if it was unclear.  Otherwise, the
complete Zen reads:

--8<---------------cut here---------------start------------->8---
$ python -c 'import this'
The Zen of Python, by Tim Peters

Beautiful is better than ugly.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren't special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.
In the face of ambiguity, refuse the temptation to guess.
There should be one-- and preferably only one --obvious way to do it.
Although that way may not be obvious at first unless you're Dutch.
Now is better than never.
Although never is often better than *right* now.
If the implementation is hard to explain, it's a bad idea.
If the implementation is easy to explain, it may be a good idea.
Namespaces are one honking great idea -- let's do more of those!
--8<---------------cut here---------------end--------------->8---

Cheers,
simon