Hi Pierre, Sorry if I am dumb but I do not understand what is your use-case and what you try to achieve.
I imagine... so maybe I am totally out of your scope. Let consider Alice and Bob and 2 machines: aneto and balaitou. Alice runs aneto, it is her local machine. And she has an SSH access to balitou. And say this access is non-root, only Bob has root access on balaitou. Your question is: how can Alice be sure that she runs the same binaries on aneto and balaitou? other said how can she detect baloitou has been compromised? Is it your use-case? If yes, Alice can : 1. check the integrity on the balaitou machine by running "guix gc --verify" 2. publish the store of aneto with "guix publish" 3. challenge the store of balaitou against the store of aneto with "guix challenge" Does not fit your use-case? Cheers, simon
