Re: armhf build machines
From: Ludovic Courtès
Subject: Re: armhf build machines
Date: Wed, 09 Dec 2015 14:50:26 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Mark H Weaver <address@hidden> writes:

> address@hidden (Ludovic Courtès) writes:
>
>> Mark H Weaver <address@hidden> writes:
>>
>>> address@hidden (Ludovic Courtès) writes:
>>>
>>>> Leo Famulari <address@hidden> writes:
>>>>
>>>>> What sort of machine would be appropriate for hydra?
>>>>
>>>> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least.
>>>
>>> I would also add that it should run Libreboot, for which the ASUS
>>> KGPE-D16 is currently the best supported server-class motherboard.
>>
>> Right, I would prefer it as well; I hope we can find such rackable
>> servers.
>>
>> If it turns out that all we can buy in practice is an ME-backdoored
>> server,
>
> Under what set of circumstances would this be the case?

I don’t know, I’m just showing my ignorance. :-)

> The ASUS KGPE-D16 is widely available. It's even available
> pre-flashed with Libreboot from minifree.org, the company run by
> Francis Rowe, the creator of Libreboot.

So that sounds perfect. Does it meet the other requirements above?
(We discussed it a couple of times on IRC, but I admit I never took the
time to learn more about what’s available.)

>> I *might* be willing to take it, with the understanding that it
>> would become less and less of a single point of trust (assuming more of
>> our package builds become reproducible, and other users publish binaries
>> as well.)
>
> If hydra is compromised, then its private key could be stolen and
> facilitate targeted delivery of malicious binary substitutes to
> individual users. The existence of other users who run 'guix challenge'
> would not prevent that, afaict.
>
> Anyway, to my mind, the security issues are secondary. We should avoid
> running non-free software wherever feasible. It is now fairly easy for
> us to arrange for hydra.gnu.org to run 100% free software from the boot
> firmware up. Given this, and our commitment to free software, I'm
> surprised that we would not make this a priority.

This is definitely important, and again, if the servers Francis’ company
provides fit the bill, then go for it!

Thanks for your feedback,
Ludo’.