Mark H Weaver <[email protected]> wrote:

> [email protected] (Ludovic Courtès) writes:
>
>> Mark H Weaver <[email protected]> wrote:
>>
>>> [email protected] (Ludovic Courtès) writes:
>>>
>>>> Leo Famulari <[email protected]> wrote:
>>>>
>>>>> What sort of machine would be appropriate for hydra?
>>>>
>>>> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least.
>>>
>>> I would also add that it should run Libreboot, for which the ASUS
>>> KGPE-D16 is currently the best supported server-class motherboard.
>>
>> Right, I would prefer it as well; I hope we can find such rackable
>> servers.
>>
>> If it turns out that all we can buy in practice is an ME-backdoored
>> server,
>
> Under what set of circumstances would this be the case?

I don’t know, I’m just showing my ignorance. :-)

> The ASUS KGPE-D16 is widely available. It's even available
> pre-flashed with Libreboot from minifree.org, the company run by
> Francis Rowe, the creator of Libreboot.

So that sounds perfect. Does it meet the other requirements above?

(We discussed it a couple of times on IRC, but I admit I never took the
time to learn more about what’s available.)

>> I *might* be willing to take it, with the understanding that it
>> would become less and less of a single point of trust (assuming more of
>> our package builds become reproducible, and other users publish binaries
>> as well.)
>
> If hydra is compromised, then its private key could be stolen and
> facilitate targeted delivery of malicious binary substitutes to
> individual users. The existence of other users who run 'guix challenge'
> would not prevent that, afaict.
>
> Anyway, to my mind, the security issues are secondary. We should avoid
> running non-free software wherever feasible. It is now fairly easy for
> us to arrange for hydra.gnu.org to run 100% free software from the boot
> firmware up. Given this, and our commitment to free software, I'm
> surprised that we would not make this a priority.

This is definitely important, and again, if the servers Francis’ company
provides fit the bill, then go for it!

Thanks for your feedback,
Ludo’.
