[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Guix and remote trust
|
From: |
Pierre Neidhardt |
|
Subject: |
Re: Guix and remote trust |
|
Date: |
Fri, 13 Dec 2019 13:24:08 +0100 |
zimoun <address@hidden> writes:
> Your question is: how can Alice be sure that she runs the same
> binaries on aneto and balaitou? other said how can she detect baloitou
> has been compromised?
> Is it your use-case?
Yes, you got it right! :)
> If yes, Alice can :
>
> 1. check the integrity on the balaitou machine by running "guix gc --verify"
I'm not sure this works because if `guix' itself is compromised,
`guix gc --verify' becomes irrelevant. Or is there another way?
> 2. publish the store of aneto with "guix publish"
And then install packages from balaitou? But if Balaitou's "guix" is
compromised, it does not matter that the substitute server is trusted.
Or did you mean something else?
> 3. challenge the store of balaitou against the store of aneto with
> "guix challenge"
This seems like a good option. In particular, this should verify "guix"
itself, and thus everything else.
So I'd reverse your point. By first challenging Balaitou, we can trust
the guix executable and from there we can run 1. and 2.
Thoughts?
--
Pierre Neidhardt
https://ambrevar.xyz/
signature.asc
Description: PGP signature