Re: armhf build machines

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: armhf build machines

From:	Ludovic Courtès
Subject:	Re: armhf build machines
Date:	Wed, 09 Dec 2015 14:50:26 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Mark H Weaver <address@hidden> skribis:

> address@hidden (Ludovic Courtès) writes:
>
>> Mark H Weaver <address@hidden> skribis:
>>
>>> address@hidden (Ludovic Courtès) writes:
>>>
>>>> Leo Famulari <address@hidden> skribis:
>>>>
>>>>> What sort of machine would be appropriate for hydra?
>>>>
>>>> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least.
>>>
>>> I would also add that it should run Libreboot, for which the ASUS
>>> KGPE-D16 is currently the best supported server-class motherboard.
>>
>> Right, I would prefer it as well; I hope we can find such rackable
>> servers.
>>
>> If it turns out that all we can buy in practice is an ME-backdoored
>> server,
>
> Under what set of circumstances would this be the case?

I don’t know, I’m just showing my ignorance.  :-)

> The ASUS KGPE-D16 is widely available.  It's even available
> pre-flashed with Libreboot from minifree.org, the company run by
> Francis Rowe, the creator of Libreboot.

So that sounds perfect.  Does it meet the other requirements above?

(We discussed it a couple of times on IRC, but I admit I never took the
time to learn more about what’s available.)

>> I *might* be willing to take it, with the understanding that it
>> would become less and less of a single point of trust (assuming more of
>> our package builds become reproducible, and other users publish binaries
>> as well.)
>
> If hydra is compromised, then its private key could be stolen and
> facilitate targetted delivery of malicious binary substitutes to
> individual users.  The existence of other users who run 'guix challenge'
> would not prevent that, afaict.
>
> Anyway, to my mind, the security issues are secondary.  We should avoid
> running non-free software wherever feasible.  It is now fairly easy for
> us to arrange for hydra.gnu.org to run 100% free software from the boot
> firmware up.  Given this, and our commitment to free software, I'm
> surprised that we would not make this a priority.

This is definitely important, and again, if the servers Francis’ company
provides fit the bill, then go for it!

Thanks for your feedback,
Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

armhf build machines, Efraim Flashner, 2015/12/07
- Re: armhf build machines, Andreas Enge, 2015/12/07
  - Re: armhf build machines, Leo Famulari, 2015/12/07
    - Re: armhf build machines, Ludovic Courtès, 2015/12/07
    - Re: armhf build machines, Mark H Weaver, 2015/12/07
    - Re: armhf build machines, Ludovic Courtès, 2015/12/08
    - Re: armhf build machines, Mark H Weaver, 2015/12/08
    - Re: armhf build machines, Ludovic Courtès <=

Prev by Date: Contributor covenant
Next by Date: Re: [PATCH] gnu: rxvt-unicode: Add the terminal capability data.
Previous by thread: Re: armhf build machines
Next by thread: getting started test-building packages without breaking the system profile?
Index(es):
- Date
- Thread