From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id bz3hKvQ/pGA9JwEAgWs5BA (envelope-from ) for ; Wed, 19 May 2021 00:30:12 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id GBznJfQ/pGBvOQAAbx9fmQ (envelope-from ) for ; Tue, 18 May 2021 22:30:12 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 96DD71BBA8 for ; Wed, 19 May 2021 00:30:11 +0200 (CEST) Received: from localhost ([::1]:57154 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lj8E6-00044R-MN for larch@yhetil.org; Tue, 18 May 2021 18:30:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41672) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lj8Dv-00043w-4C for guix-devel@gnu.org; Tue, 18 May 2021 18:29:59 -0400 Received: from mira.cbaines.net ([2a01:7e00:e000:2f8:fd4d:b5c7:13fb:3d27]:39771) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lj8Dt-0007lx-4V; Tue, 18 May 2021 18:29:58 -0400 Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:8ac0:b4c7:f5c8:7caa]) by mira.cbaines.net (Postfix) with ESMTPSA id 0E1B927BC78; Tue, 18 May 2021 23:29:55 +0100 (BST) Received: from capella (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 424a449e; Tue, 18 May 2021 22:29:54 +0000 (UTC) References: <878s4ye116.fsf@cbaines.net> <87lf8bbzbl.fsf@cbaines.net> <87wnrv68h7.fsf@gnu.org> User-agent: mu4e 1.4.15; emacs 27.1 From: Christopher Baines To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: Bringing substitutes from the Guix Build Coordinator to users In-reply-to: <87wnrv68h7.fsf@gnu.org> Date: Tue, 18 May 2021 23:29:52 +0100 Message-ID: <87im3fbrq7.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a01:7e00:e000:2f8:fd4d:b5c7:13fb:3d27; envelope-from=mail@cbaines.net; helo=mira.cbaines.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org, 48435@debbugs.gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1621377012; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=VzAXv/+9HtV48PpaMZ+U92w5AwprkjfkujyBbvBaHME=; b=nt5tYxst53qKTj+S8W8RWLfoAhgRRs9MK2VbILgXHSowgds3nBXfxaI+LNHqP5n2ZqGoIl BKhIAfCQb5rdTWO28YMap+FlRY4OOQ0yYyYHQjOShY2MEXKUNycU+GilGlBfQHIZrxafAP o7zm2nqnHNI0dm47yvJIC2YradP5A97On69Qt+LRbNqroh/YwXbgv9FjeGyH+CCVg4ckq+ iJuVQqmKsG3nWnzWpYa59v2KWbeAKhgCgW5OlE5tiF8pJ4KNCwD7K3FxuhRjNTxTnCYUQP XmcnrZwf9YNAptIqxqYd5hChqqFqq6v4N2/4IinInrg/SrKTiMRILzSJIAXZKQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1621377012; a=rsa-sha256; cv=none; b=che3OdQvrZMcYAltPEywr9ZGxWnzocncthXA/6WycuUVrd8nQ9MXZaSaDYOOuWgzEc3PML lS/rpaxrarJvn0oMqTvvM6cQ2XIQP1JFd18R2jAmXqsYicd14jPFGk5U3v4uTJILjvA462 P9bkpbrTRbL6fvpNGtdKcibqtkS9JGlJqCCRM8hUdC7fd50U6ifcuP10bFrIOLx7g+02A0 bPWAaFLTBcPqE22OQtTdYNxq13nl7xduVBzogEKKFTw+eOmen1t8gp8ornqLRr3KZGDZKP BsulWhcMZiLMfEo31sgqiHprTslLRz7Tb1qQC75qaPhKLa1rBIrV1vuM64O8+Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -4.54 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 96DD71BBA8 X-Spam-Score: -4.54 X-Migadu-Scanner: scn0.migadu.com X-TUID: +rQ1wnPOMVd7 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Hello! > > Christopher Baines skribis: > >> Christopher Baines writes: >> >>> Is there still a path to bring some of these benefits to users, and if >>> so, what things need doing? > > [...] > >> Obviously just having the substitutes doesn't magically get them to >> users, so I've started looking in to the changes to start making that >> happen. Adding the signing key and changing the defaults in a few places >> seems like a good step forward [1]. >> >> 1: https://issues.guix.gnu.org/48435 >> >> I want to push on with this within the next couple of weeks, mostly so I >> can shift focus to Outreachy and the security related tooling work, but >> also because I still think this will be a good step forward in terms of >> substitute availability for users. It's been over a year now since >> implementation started, so it would be good to actually make a positive >> difference. > > I=E2=80=99m fine with distributing an extra signing key alongside that of > ci.guix.gnu.org. Great. > I=E2=80=99m unsure about having two substitute URLs by default since it a= dds a > bit of overhead, though that overhead is only upon cache misses (I have > that setup on my laptop actually). All of this work has been built on the assumption that it's possible to do better in providing substitutes, and anecdotally from the data I've seen over the last year, that should be possible, even with the limited hardware (compared to ci.guix.gnu.org) connected to bayfront. So yes, that's a valid concern, but if all the addition of bayfront does is make users wait a little longer because of cache misses, it's a sign that the whole endeavour is not working out. > It=E2=80=99s also a one-way change: people are likely to keep the defaults > =E2=80=9Cforever=E2=80=9D. So we can=E2=80=99t just =E2=80=9Cexperiment= =E2=80=9D and change our mind later. > That means we should at least have a DNS entry that=E2=80=99s not tied to= a > particular machine, like ci2.guix.gnu.org or whatever. That sounds sensible. On the specific name, given this is just about substitutes, and at least in my opinion has nothing to do with continuous integration, maybe picking just another word would avoid thinking too much, it could be bordeaux, or hippo, or anything really. As you say, stability and not being tied to a particular machine is the important thing. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmCkP+BfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9XdMWQ/8DxpIzlA5N/TgdeqrcgcvPDVNwZ1Oqk3b qwI2nL/rb2gM7HXZf+HC1q8YfrNZHctxPBoTqUYm8PnXb24yTdJRElcx1pW2Fjkq +TwZLII4SYrxJzVdUSYHtb1DMkJrAu7ern+WOi44zD51zAF8qSjR6joP2dv7XjJl M6TW4X8DWRl4GwRpF1VGvFk2h4Zx4qTJgg7T3oOw++AJ1A4oOWrIOe5Jphepfrgv TBTUSRKrBLqHeZ8ilQTBzeq7lVmRT1htrNC+Y3D8r0gAwcKs4+fxQY0Nr8yWQvil HsttpbLvjxopeLpHTRAyBdYXGtlw9zctNIzHLEJyHb9hfrjeEWNQ0gp2MAtqOUlE 2VHw8YPzQrLmZJzi0dPtYsiALTBnExa0DYoZPpwv1uNGN8aurA4YdQeRhOpVlD6u cMteS5Rj8xU16yM0z021iSsGgc1dCFlPXg6Kh7M+eFnchyzu5QXB8frnOWwSCjtd 0F71LUcAL60BHS+DCPT5APxTWOCo1Bzdq+wOB6Tl62QarbYY1PJgYatq7tkE+awo 7AwuulAb3+u1D8o2fEwdtxVP29gx9VCSJLkagEaj7r9I4SMQ1bN57LM8gQTivXA5 72V7xz0Pg8zsmhgc9rVozkZjilUPeV6v2b5uKd2EnfE87o1+7HPimADqEbLKBPqw /AjA5zIZYW8= =XHRM -----END PGP SIGNATURE----- --=-=-=--