[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: U.S. Midwest based build farm

From: Maxime Devos
Subject: Re: U.S. Midwest based build farm
Date: Sat, 11 Jun 2022 22:00:39 +0200
User-agent: Evolution 3.38.3-1 schreef op za 11-06-2022 om 16:06 [+0000]:
> What's good and/or bad about this idea?

A positive point: extra resources, could be useful for reproducibility
testing, ...?

A negative point: extra points through with malware can be introduced
(->compromises).  Can be solved by reproducible builds and variation of
"guix challenge". Unfortunately, "guix challenge" is inherently racy.
"guix substitute" currently only checks that the narinfo has a _single_
authorised signature, maybe it can be adjusted to allow the user to
ask: ‘only consider a substitute to be authorised if the same hash is
signed by N different authorised keys’?

Other points: ...?


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]