Re: Public guix offload server
From: zimoun
Subject: Re: Public guix offload server
Date: Fri, 22 Oct 2021 09:33:35 +0200
Hi Tobias,
I understand your point of view.
On Fri, 22 Oct 2021 at 00:16, Tobias Geerinckx-Rice <me@tobias.gr> wrote:
> Trusting people not to be evil is not the same as having to trust
> the opsec habits of every single one of them. Trust isn't
> transitive. Personally, I don't think a rogue zimoun will
> suddenly decide to abuse us. I think rogues will abuse zimoun the
> very first chance they get.
From my understanding, here is the net of our “disagreement”.
> That's not a matter of degree: it's a whole different threat
> model, as is injecting arbitrary binaries vs. pushing malicious
> code commits. Both are bad news, but there's an order of
> magnitude difference between the two.
And I miss the threat model about “injecting binaries” in the case of
shared offload. Anyway. :-)
Let's move forward and discuss another solution than the usual offload.
You pointed out the idea «one might consider dropping SSH account-based
access in favour of a minimal job submission API, and just return the
results through guix publish or so…? OTOH, that's yet another code
path.»
Imagine another Cuirass instance where any committer could add [1] their
own branch. It would act as this minimal job submission API.
1: <https://ci.guix.gnu.org/specification/add/>
The questions are the authentication to this Cuirass instance and how
Cuirass deals with rebased branches (which would happen).
WDYT?
Cheers,
simon