From: Tobias Geerinckx-Rice via Bug reports for GNU Guix
Reply-to: Tobias Geerinckx-Rice
To: 57091@debbugs.gnu.org, ludo@gnu.org, maximedevos@telenet.be
Subject: bug#57091: Git authentication reports subkey fingerprints
Date: Thu, 11 Aug 2022 11:17:39 +0000
Message-ID: <5330DDA4-F1AD-4F99-B6A5-5CDA2D975983@tobias.gr>
In-Reply-To: <878rnvxelk.fsf@gnu.org>

This is not a mere UI issue. Basic verification is currently broke^Wdifferent, too, or the latest incident wouldn't have happened.

Hmm. I wonder...

Ludo', are you worried that, since we already handle revocations like GPG would, the 'proper' OpenPGP model could somehow break? That we are in effect unable to safely fix this (yes, I maintain it is a) bug?

Apologies if I'm wildly off the mark here. But then I'd like to hear some plausible threat models. Maxime?

In their absence, nasty surprises like what happened last week are argument enough to (try to! :-) implement normal OpenPGP behaviour.

Kind regards,

T G-R

Sent on the go. Excuse above-average rambliness.