From: zimoun
Date: Mon, 17 Feb 2020 11:18:22 +0100
Subject: Re: bug#39575: guix time-machine fails when a tarball was modified in-place
To: Ludovic Courtès
Cc: 39575@debbugs.gnu.org, 28659@debbugs.gnu.org, Jan Nieuwenhuizen

Hi Ludo,

On Sun, 16 Feb 2020 at 11:59, Ludovic Courtès wrote:
> zimoun skribis:
> > On Fri, 14 Feb 2020 at 22:34, Ludovic Courtès wrote:
> >> Also, one could argue that we’d steer users towards downloading from our
> >> server, which could be a privacy concern (probably not a strong argument
> >> since one can easily change the substitute URLs.)
> >
> > I am not following the privacy concern.
> > What do you mean?
>
> I mean that by default, someone who’s disabled substitutes (presumably
> out of security or privacy concerns) would find themself downloading
> source code from ci.guix.gnu.org instead of various upstream sites.

I do not see the difference between mirroring and traveling back in
time with missing upstream sources. And because it is
content-addressed, it seems even more secure than downloading from an
upstream URL, IMHO.

If one trusts Guix, then an attacker needs to corrupt at the same time
the Guix history and Berlin (and/or any other farm). If one does not
trust Guix, why do they use the recipe coming from Guix? To be
precise, this person has to check all the recipes of all the
dependencies.

Well, I do not see a security concern because we are talking about
serving the sources. It is another story when the substitutes serve
the results of the build (binaries); because one does not have any
strong guarantee that the substitute serves the expected binaries.

By privacy concern, do you mean that Guix could collect who downloads
what; in a central fashion? Which is not the case when one downloads
from several distributed upstream sources. Right?

Well, I am not convinced because the case of a missing upstream source
is rare. And it is easy to protect against such a data-collection
process.

In paranoid mode, traveling back in time is becoming difficult because
of the reliability of the sources; I mean if the sources were
reliable, SWH would not exist. ;-)

The solution should be an IPFS / GNUnet / fully distributed archive...
which is not ready... yet! :-)

Well, maybe for the TODO list of the time-machine: add an option to
allow substitutes *only* for the sources (substitutes meaning
ci.guix.gnu.org and/or SWH). If this option does not exist yet. ;-)

Cheers,
simon
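
The integrity argument in this message (a source pinned by hash can be fetched from any server, including after the upstream tarball was modified in place) can be modelled as below; this is an added example, not part of the original message and not Guix's code. The name `fetch_fixed_output`, the source labels and the sample bytes are constructed for illustration.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def fetch_fixed_output(expected_sha256, sources):
    """Try each (name, fetch) pair in order and accept the first content whose
    SHA-256 equals the hash pinned in the recipe.

    Returns (source_name, data, rejected); `rejected` lists the sources that
    were unreachable or served bytes with a different hash.
    """
    rejected = []
    for name, fetch in sources:
        try:
            data = fetch()
        except OSError as err:  # upstream gone, network failure, ...
            rejected.append((name, f"unavailable: {err}"))
            continue
        actual = sha256_hex(data)
        if actual != expected_sha256:
            # Covers both a tampering server and a tarball re-rolled in place.
            rejected.append((name, f"hash mismatch: {actual}"))
            continue
        return name, data, rejected
    raise LookupError(f"no source served content matching {expected_sha256}")


# Constructed sample data: the bytes the recipe was written against, and the
# bytes upstream serves today after modifying the tarball in place.
ORIGINAL = b"hello-1.0 release tarball bytes"
MODIFIED = b"hello-1.0 release tarball bytes, re-rolled upstream"
PINNED = sha256_hex(ORIGINAL)  # what the old recipe records


def gone():
    raise OSError("404 Not Found")


def demo():
    # Upstream now serves different bytes; the archive still has the original.
    sources = [("upstream", lambda: MODIFIED), ("mirror", lambda: ORIGINAL)]
    return fetch_fixed_output(PINNED, sources)


if __name__ == "__main__":
    name, _, rejected = demo()
    print("accepted from:", name, "| rejected:", rejected)
```

The check settles integrity only: whichever server is asked still learns which source was requested, which is the privacy question raised in the quoted text.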