Re: Providing/Submitting substitutes

[phodina <phodina@protonmail.com>]

Hi Tobias,

> Petr,
>
> phodina via 写道：
>
> > However, since I already built the browser and it took several > hours
> >
> > I'd like to provide it also to other people.
>
> That's very considerate of you. Thank you!

My thanks go to all contributors of Guix for creating such amazing project!

>
> > Is there a way to submit the outputs of derivation to the > official
> >
> > substitution server or the only way would be to make public my
> >
> > substitution server?
>
> I'm afraid so (the latter). As you mention, this would require trusting the other party but to an unreasonably degree: the ability to redistribute arbitrary binaries, signed by the project, to all Guix users.

I was afraid so. However, that is understandable as security and trust would have to be sacrificed and it would open a large vector of attack against Guix users.
>
> That said, if your substitution server has decent uptime, traffic, and a public IP, nothing's stopping you from putting up a disclaimer page (like guix.tobias.gr… or better) and serving your substitutes to others.

I do have a VPS server currently running NixOS as this was the first system with the different concepts. Though, I'm now creating a patch for the provider [1] in order to run Guix System there. It has decent storage, performance and network connectivity.

>
> Adding the guix publish service is trivial, about as much work as typing ‘guix archive --export’ once, and is a one-time effort!
>
> </promo>

No need for the promo, I want to run a substitution server (figure out how to do it correctly and securely) as otherwise this machine is sitting there mostly idle.

>
> > Correct me if I'm wrong but can't this be solved be verified by
> >
> > using guix challenge?
>
> In this case, I don't see how. Guix challenge is a valuable tool but to use it in this way requires a fundamentally trusted party (e.g., you, or say, bordeaux.guix.gnu.org) to be distributing their own independently-built copy.

>
> If that were the case you wouldn't have had to build it yourself. So it could be used after the fact, or for general ‘hm, this is interesting’ flagging for further research, and that's not good enough here. Copies would have been distributed by then.
>
> Challenges between 2 supposedly independent unofficial substitute providers would be quite vulnerable to various kinds of subversion.
>
> Kind regards,
>
> T G-R

Thanks for the explanation. If I understand this correctly than it basically
boils down to trusting the parties themselves.

----
Petr

[1] https://vpsfree.cz