From: Tobias Geerinckx-Rice <me@tobias.gr>
To: Leo Famulari <leo@famulari.name>
Cc: Arun Isaac <arunisaac@systemreboot.net>, guix-devel@gnu.org
Subject: Re: Public guix offload server
Date: Thu, 21 Oct 2021 18:46:26 +0200 [thread overview]
Message-ID: <874k9a71y4.fsf@nckx> (raw)
In-Reply-To: <YXCeExHn4GF/vDEt@jasmine.lan>
[-- Attachment #1: Type: text/plain, Size: 1647 bytes --]
Leo,
Leo Famulari 写道:
> Interesting... I'm not at all familiar with how `guix offload`
> works,
> because I've never used it. But it's surprising to me that this
> would be
> possible. Although after one minute of thought, I'm not sure why
> it
> wouldn't be.
Very quickly:
- You send an offload request to the offload server, but you also
get so send any remotely missing store items that you already
have, as opaque binaries (icecat could be tetris instead).
This is why the offload server has to trust your key. It's
valuable and shouldn't be removed, but making it optional[0]
shouldn't be ‘too hard’.
- The offload sends back one or more store items, which is why you
trust it. This part is just substitution in a different form
(SSH vs. HTTPS etc.)
> However, the Guix security model trusts committers
> implicitly. So, if
> the committers' shared offload server had proper access control,
> one
> might consider it "good enough" in terms of security.
The two are *SO* different as to be incomparable IMO.
You do point out the difference, so I guess we just assess it very
differently:
> Although the
> possibility of spreading malicious binaries is much scarier than
> what
> could be achieved by committing to guix.git, because of the
> relative
> lack of transparency.
Gotta run,
T G-R
[0]: Which would create the
“second, less powerful offload protocol where clients can submit
only derivations to be built by the remote daemon, plus
fixed-output derivations”
I imagined. But this is still hand-waving at this point. :-)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]
next prev parent reply other threads:[~2021-10-21 17:02 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-20 20:53 Public guix offload server Arun Isaac
2021-10-20 21:06 ` Tobias Geerinckx-Rice
2021-10-20 22:54 ` Leo Famulari
2021-10-21 16:46 ` Tobias Geerinckx-Rice [this message]
2021-10-21 8:12 ` zimoun
2021-10-21 16:31 ` Tobias Geerinckx-Rice
2021-10-21 18:04 ` zimoun
2021-10-21 21:15 ` Jonathan McHugh
2021-10-21 21:51 ` zimoun
2021-10-21 22:16 ` Tobias Geerinckx-Rice
2021-10-22 7:33 ` zimoun
2021-10-23 5:49 ` Arun Isaac
2021-10-23 7:23 ` zimoun
2021-10-24 6:43 ` Arun Isaac
2021-10-25 9:27 ` indieterminacy
2021-10-22 7:23 ` Jonathan McHugh
2021-10-21 20:23 ` Arun Isaac
2021-10-29 12:04 ` Ludovic Courtès
2021-10-29 12:01 ` Ludovic Courtès
2021-10-20 22:56 ` Leo Famulari
2021-10-21 15:49 ` Joshua Branson
2021-10-21 16:41 ` Tobias Geerinckx-Rice
2021-10-21 17:22 ` Vagrant Cascadian
2021-10-29 12:06 ` Ludovic Courtès
2021-10-29 12:44 ` Tobias Geerinckx-Rice
2021-10-21 23:40 ` jbranso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874k9a71y4.fsf@nckx \
--to=me@tobias.gr \
--cc=arunisaac@systemreboot.net \
--cc=guix-devel@gnu.org \
--cc=leo@famulari.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.