[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Guix and remote trust

From: Pierre Neidhardt
Subject: Re: Guix and remote trust
Date: Fri, 13 Dec 2019 13:24:08 +0100

zimoun <address@hidden> writes:

> Your question is: how can Alice be sure that she runs the same
> binaries on aneto and balaitou? other said how can she detect baloitou
> has been compromised?
> Is it your use-case?

Yes, you got it right! :)

> If yes, Alice can :
>  1. check the integrity on the balaitou machine by running "guix gc --verify"

I'm not sure this works because if `guix' itself is compromised, 
`guix gc --verify' becomes irrelevant.  Or is there another way?

>  2. publish the store of aneto with "guix publish"

And then install packages from balaitou?  But if Balaitou's "guix" is
compromised, it does not matter that the substitute server is trusted.

Or did you mean something else?

>  3. challenge the store of balaitou against the store of aneto with
> "guix challenge"

This seems like a good option.  In particular, this should verify "guix"
itself, and thus everything else.

So I'd reverse your point.  By first challenging Balaitou, we can trust
the guix executable and from there we can run 1. and 2.


Pierre Neidhardt

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]