[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: U.S. Midwest based build farm
From: |
jbranso |
Subject: |
Re: U.S. Midwest based build farm |
Date: |
Sat, 11 Jun 2022 20:13:30 +0000 |
June 11, 2022 4:00 PM, "Maxime Devos" <maximedevos@telenet.be> wrote:
> jbranso@dismail.de schreef op za 11-06-2022 om 16:06 [+0000]:
>
>> What's good and/or bad about this idea?
>
> A positive point: extra resources, could be useful for reproducibility
> testing, ...?
That's actually a good idea. I could give limited ssh access to a few
guix developers. Those guix developers could use my old and hopefully
more powerful machines to quickly compile software. Rust takes ages
to compile...
>
> A negative point: extra points through with malware can be introduced
> (->compromises). Can be solved by reproducible builds and variation of
> "guix challenge". Unfortunately, "guix challenge" is inherently racy.
> "guix substitute" currently only checks that the narinfo has a _single_
> authorised signature, maybe it can be adjusted to allow the user to
> ask: ‘only consider a substitute to be authorised if the same hash is
> signed by N different authorised keys’?
>
Thanks for the feedback. We could also use the machines as a mirror
or an additional substitute server.
> Other points: ...?
>
> Greetings,
> Maxime.