July 15, 2022 7:23 AM, "Csepp" <raingl...@riseup.net> wrote:
> Vagrant Cascadian <vagr...@debian.org> writes:
>
> If the goal is to produce highly secure servers then I'd like to suggest
> unikernels once again. No Guix running on the deployed server, but the
> server image is built by and possibly deployed by Guix.
> Of course the downside is that they do a whole lot less than OpenBSD or
> Linux. But if your use case is already covered, that's actually a
> positive, since no extra features means smaller attack surface.
> MirageOS could be a good starting point, since we already have a good
> chunk of OCaml tooling integrated into Guix.
> http://unikernel.org/projects
> There was a Nix project with similar aims that sadly fizzled out, so
> it's probably not exactly an easy task to tackle, but it's much easier
> than porting Guix to a new kernel and packaging a userland for that
> kernel.

Thanks for the suggestion! That would be a really secure server!