From: zimoun
To: Jonathan McHugh, Tobias Geerinckx-Rice
Cc: guix-devel@gnu.org
Subject: Re: Public guix offload server
Date: Thu, 21 Oct 2021 23:51:25 +0200

Hi,

On Thu, 21 Oct 2021 at 21:15, "Jonathan McHugh" wrote:
> October 21, 2021 8:10 PM, "zimoun" wrote:
>>> Now, we could spin up a separate VM for each user, and just take
>>> the efficiency hit… Users would be safe from anything but
>>> VM-escape exploits (which exist but are rare).
>>
>> Do you mean that trusted users would try VM-escape exploits?
>
> The world has been formed by werewolves inside communities purposely
> causing harm. Looking further back, Oliver the Spy is a classic
> exemplar of trust networks being hollowed out.

I cannot assume that on one hand one trusted person pushes to the main
Git repo in good faith and on the other hand this very same trusted person
behaves as a werewolf using a shared resource.

For sure, one can always abuse the trust. Based on this principle, we
could stop any collaborative work right now. The real question is the
evaluation of the risk of such abuse by trusted people after a long period
of collaboration (that’s what committer usually means).

Various examples exist of this kind of abused trust. Oliver the Spy is
one, Mark Kennedy/Stone is another recent one.

Anyway! :-)

All the best,
simon