Hi! Léo Le Bouter <[email protected]> skribis:
> I don't want to give more access than what SSH non-root access would > give, and I think it would be possible to do something helpful in GNU > Guix offloading so it can work even without the offload machine > trusting the client's store public signing key. One possibility would be to give SSH access and nothing more. That would allow hackers to run: GUIX_DAEMON_SOCKET=ssh://leo.example.org guix build whatever Users would still be able to retrieve build results from your machine via ‘guix copy’ or an instance of ‘guix publish’ running on the machine. HTH! Ludo’.
