Re: U.S. Midwest based build farm

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: U.S. Midwest based build farm

From:	Maxime Devos
Subject:	Re: U.S. Midwest based build farm
Date:	Sat, 11 Jun 2022 22:00:39 +0200
User-agent:	Evolution 3.38.3-1

jbranso@dismail.de schreef op za 11-06-2022 om 16:06 [+0000]:
> What's good and/or bad about this idea?

A positive point: extra resources, could be useful for reproducibility
testing, ...?

A negative point: extra points through with malware can be introduced
(->compromises).  Can be solved by reproducible builds and variation of
"guix challenge". Unfortunately, "guix challenge" is inherently racy.
"guix substitute" currently only checks that the narinfo has a _single_
authorised signature, maybe it can be adjusted to allow the user to
ask: ‘only consider a substitute to be authorised if the same hash is
signed by N different authorised keys’?

Other points: ...?

Greetings,
Maxime.

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

U.S. Midwest based build farm, jbranso, 2022/06/11
- Re: U.S. Midwest based build farm, Maxime Devos <=
  - Re: U.S. Midwest based build farm, Vagrant Cascadian, 2022/06/11
- Re: U.S. Midwest based build farm, jbranso, 2022/06/11

Prev by Date: U.S. Midwest based build farm
Next by Date: Re: U.S. Midwest based build farm
Previous by thread: U.S. Midwest based build farm
Next by thread: Re: U.S. Midwest based build farm
Index(es):
- Date
- Thread