guix-devel

Re: Public guix offload server


From: Tobias Geerinckx-Rice
Subject: Re: Public guix offload server
Date: Thu, 21 Oct 2021 18:31:49 +0200

Hi Simon,

zimoun wrote:
> If I understand correctly, if a committer offloads to say Berlin or Bayfront, your concern is that the output will be in the publicly
> exposed store.  Right?

No, that would be far worse. I'm considering only a ‘private’ offload server shared by several trusted users, where one compromised (whether technically or mentally :-) user can easily ‘infect’ other contributors in a way that's very hard to detect. ‘Trusting trust’ comes to mind.

> For instance, one could imagine a dedicated VM for all the committers
> who require some CPU power.

Right, that's what I'm describing in my previous mail.

Now, we could spin up a separate VM for each user, and just take the efficiency hit… Users would be safe from anything but VM-escape exploits (which exist but are rare).

> A minimal job submission API with token would be ideal, IMHO. But it
> falls into:
>
>         Now is better than never.
>         Although never is often better than *right* now.
>
>                                     – python -c 'import this' –

What does this mean?

Kind regards,

T G-R
