Re: Public guix offload server

[zimoun]

Hi,

On Thu, 21 Oct 2021 at 21:15, "Jonathan McHugh" <indieterminacy@libre.brussels> 
wrote:
> October 21, 2021 8:10 PM, "zimoun" <zimon.toutoune@gmail.com> wrote:

>>> Now, we could spin up a separate VM for each user, and just take
>>> the efficiency hit… Users would be safe from anything but
>>> VM-escape exploits (which exist but are rare).
>> 
>> Do you mean that trusted users would try WM-escape exploits?
>
> The world has been formed by warewolves inside communities purposely
> causing harm. Looking further back, Oliver the Spy is a classic
> examplar of trust networks being hollowed out.

I cannot assume that on one hand one trusted person pushes to the main
Git repo in good faith and on other hand this very same trusted person
behaves as a warewolves using a shared resource.

For sure, one can always abuse the trust.  Based on this principle, we
could stop any collaborative work right now.  The real question is the
evaluation of the risk of such abuse by trusted people after long period
of collaboration (that’s what committer usually means).

Various examples exist on this kind of abused trust.  Oliver the Spy is
one, Mark Kennedy/Stone is another recent one.

Anyway! :-)

All the best,
simon