From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp2 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id QGfKBnLMr17UCAAA0tVLHw
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 04 May 2020 08:04:02 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2 with LMTPS
	id gGYLBHzMr145BgAAB5/wlQ
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 04 May 2020 08:04:12 +0000
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:470:142::17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id E34719416FE
	for <larch@yhetil.org>; Mon,  4 May 2020 08:04:10 +0000 (UTC)
Received: from localhost ([::1]:50916 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1jVW5D-0000qT-13
	for larch@yhetil.org; Mon, 04 May 2020 04:04:11 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:36276)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jVW55-0000qK-4J
 for bug-guix@gnu.org; Mon, 04 May 2020 04:04:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:47347)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jVW54-0005G5-Bv
 for bug-guix@gnu.org; Mon, 04 May 2020 04:04:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jVW54-0001N7-7P; Mon, 04 May 2020 04:04:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#22883: Authenticating a Git checkout
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Mon, 04 May 2020 08:04:02 +0000
Resent-Message-ID: <handler.22883.B22883.15885794095226@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 22883
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: security
To: Ricardo Wurmus <rekado@elephly.net>
Received: via spool by 22883-submit@debbugs.gnu.org id=B22883.15885794095226
 (code B ref 22883); Mon, 04 May 2020 08:04:02 +0000
Received: (at 22883) by debbugs.gnu.org; 4 May 2020 08:03:29 +0000
Received: from localhost ([127.0.0.1]:58893 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1jVW4W-0001MD-Ui
 for submit@debbugs.gnu.org; Mon, 04 May 2020 04:03:29 -0400
Received: from eggs.gnu.org ([209.51.188.92]:33274)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1jVW4V-0001M2-KL
 for 22883@debbugs.gnu.org; Mon, 04 May 2020 04:03:28 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:52372)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <ludo@gnu.org>)
 id 1jVW4Q-00057m-DD; Mon, 04 May 2020 04:03:22 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=51262 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1jVW4P-0000KY-8i; Mon, 04 May 2020 04:03:22 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <87io14sqoa.fsf@dustycloud.org> <87h9ep8gxk.fsf@gnu.org>
 <20160426001359.GA23088@jasmine> <874majg0z8.fsf@gnu.org>
 <87bn3iz1xc.fsf_-_@gnu.org> <87wpket748.fsf@gnu.org>
 <87bmkwm8ed.fsf@gnu.org> <87png9o8i2.fsf@elephly.net>
 <87fth4bj6y.fsf@gnu.org> <87bln9oupo.fsf@gnu.org>
 <87ftci3si9.fsf@gnu.org>
Date: Mon, 04 May 2020 10:03:19 +0200
In-Reply-To: <87ftci3si9.fsf@gnu.org> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Sun, 03 May 2020 00:02:22 +0200")
Message-ID: <875zdcuny0.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-Spam-Score: -3.3 (---)
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Cc: 22883@debbugs.gnu.org
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+larch=yhetil.org@gnu.org>
X-Scanner: scn0
X-Spam-Score: -0.39
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 2001:470:142::17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org
X-Scan-Result: default: False [-0.39 / 13.00];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 GENERIC_REPUTATION(0.00)[-0.4944019016533];
	 TO_DN_SOME(0.00)[];
	 R_SPF_ALLOW(-0.20)[+ip6:2001:470:142::/48:c];
	 IP_REPUTATION_HAM(0.00)[asn: 22989(0.14), country: US(-0.00), ip: 2001:470:142::17(-0.49)];
	 DWL_DNSWL_FAIL(0.00)[2001:470:142::17:server fail];
	 MX_GOOD(-0.50)[cached: eggs.gnu.org];
	 RCPT_COUNT_TWO(0.00)[2];
	 MAILLIST(-0.20)[mailman];
	 FORGED_RECIPIENTS_MAILLIST(0.00)[];
	 RCVD_IN_DNSWL_FAIL(0.00)[2001:470:142::17:server fail];
	 R_DKIM_NA(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 R_MIXED_CHARSET(0.63)[subject];
	 FROM_NEQ_ENVFROM(0.00)[ludo@gnu.org,bug-guix-bounces@gnu.org];
	 MID_RHS_MATCH_FROM(0.00)[];
	 ASN(0.00)[asn:22989, ipnet:2001:470:142::/48, country:US];
	 ARC_NA(0.00)[];
	 TAGGED_FROM(0.00)[larch=yhetil.org];
	 FROM_HAS_DN(0.00)[];
	 URIBL_BLOCKED(0.00)[gnu.org:email];
	 MIME_GOOD(-0.10)[text/plain];
	 RCVD_TLS_LAST(0.00)[];
	 DMARC_NA(0.00)[gnu.org];
	 HAS_LIST_UNSUB(-0.01)[];
	 RCVD_COUNT_SEVEN(0.00)[9];
	 FORGED_SENDER_MAILLIST(0.00)[]
X-TUID: Ys/khd5ipJLg

Hi!

Ludovic Court=C3=A8s <ludo@gnu.org> skribis:

> Done the API cleanup.  I=E2=80=99ll go ahead and push the current =E2=80=
=98wip-openpgp=E2=80=99
> branch (squashing commits marked as such) tomorrow if there are no
> objections.

Pushed on master!

  4a84deda74 doc: Recommend against SHA1 OpenPGP signatures.
  84133320b8 doc: Document committer authorization.
  05d973eef2 openpgp: Raise error conditions instead of calling 'error'.
  041dc3a9c0 git-authenticate: Load the keyring from the repository.
  92db1036b7 git-authenticate: Load the list of authorized keys from the tr=
ee.
  bee5b7a0f8 .guix-authorizations: Augment.
  051a45e642 git-authenticate: Use (guix openpgp).
  b835e158d5 openpgp: Add 'string->openpgp-packet'.
  bd8126558d openpgp: 'lookup-key-by-{id,fingerprint}' return the key first.
  b45fa0a123 openpgp: 'verify-openpgp-signature' looks up by fingerprint wh=
en possible.
  efe1f0122c openpgp: Add 'lookup-key-by-fingerprint'.
  7b2b3a13cc openpgp: Store the issuer key id and fingerprint in <openpgp-s=
ignature>.
  4459c7859c openpgp: Decode the issuer-fingerprint signature subpacket.
  43408e304f Add (guix openpgp).
  c91e27c608 Add '.guix-authorizations'.

> The formats and mechanisms are not set in stone until this is
> generalized to channels, but we=E2=80=99re getting there.  Now=E2=80=99s =
a good time to
> raise any concerns you may have, comrades!

Ludo=E2=80=99.