From: zimoun
To: Tobias Geerinckx-Rice
Cc: guix-devel@gnu.org
Subject: Re: Public guix offload server
Date: Fri, 22 Oct 2021 09:33:35 +0200
Message-ID: <86r1cdzf74.fsf@gmail.com>
In-Reply-To: <87mtn256it.fsf@nckx>

Hi Tobias,

I understand your point of view.

On Fri, 22 Oct 2021 at 00:16, Tobias Geerinckx-Rice wrote:

> Trusting people not to be evil is not the same as having to trust
> the opsec habits of every single one of them. Trust isn't
> transitive. Personally, I don't think a rogue zimoun will
> suddenly decide to abuse us. I think rogues will abuse zimoun the
> very first chance they get.

From my understanding, here is the net of our “disagreement”.

> That's not a matter of degree: it's a whole different threat
> model, as is injecting arbitrary binaries vs. pushing malicious
> code commits. Both are bad news, but there's an order of
> magnitude difference between the two.

And I miss the threat model about “injecting binaries” in the case of
shared offload.

Anyway. :-)

Let's move forward and discuss another solution than the usual offload.
You pointed out the idea

«one might consider dropping SSH account-based access in favour of a
minimal job submission API, and just return the results through guix
publish or so…? OTOH, that's yet another code path.»

Imagine another Cuirass instance where any committer could add [1] their
own branch. It would act as this minimal job submission API.

1: The questions are the authentication to this Cuirass instance and how
Cuirass deals with rebased branches (which would happen).

WDYT?

Cheers,
simon