On Sun, Oct 11, 2020 at 12:39:17PM +0200, Ludovic Courtès wrote: > Hi! > > For some reason, /etc/guix/acl is not declarative on Guix System: we let > users modify it and assume it’s stateful, which can surprise users as in > . > > Should we make it declarative, just like most of /etc? I think so. For > a build farm like berlin, it would force admins to explicitly list all > the authorized keys in their config—annoying change, but not a bad > thing. > > WDYT? I've been surprised by it at least once. (That it was more than once is on me...) > The problem is the transition. We would need to at least create a > backup of /etc/guix/acl on the next activation, or better yet, warn > users or error out at reconfigure time. > > Thoughts? > > Ludo’. > activation script: (when (file-exists? "/etc/guix/acl") (rename-file "/etc/guix/acl" "/etc/guix/acl-old")) -- Efraim Flashner אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted