From: "Ludovic Courtès" <ludo@gnu.org>
To: zimoun <zimon.toutoune@gmail.com>
Cc: 41908@debbugs.gnu.org
Subject: bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'
Date: Sat, 20 Jun 2020 12:40:49 +0200 [thread overview]
Message-ID: <87tuz6auku.fsf@gnu.org> (raw)
In-Reply-To: <86366qtzdi.fsf@gmail.com> (zimoun's message of "Sat, 20 Jun 2020 01:22:17 +0200")
Hi,
Ah yes, what you observed is interesting. If you first travel to a
current-ish commit, it gets properly authenticated and cached.
From then on, since 36640207c9543e48cd6daa92930f023f80065a5d is in the
closure of the commit you just pulled, it’s authenticated, and you can
travel back to it. It makes perfect sense.
Conversely, if you try to go directly to
36640207c9543e48cd6daa92930f023f80065a5d (e.g., with an empty cache),
all we can say is that we can’t authenticate it because it’s unrelated
to the introductory commit.
So it’s logical, even if surprising. It also means that the problem
sort of “goes away” by itself.
zimoun <zimon.toutoune@gmail.com> skribis:
> BTW, from a security perspective, it is easy to cheat by removing some
> commits so the file ~/.cache/guix/authentication/channels/guix should be
> protected: read-only and only writable by the daemon.
It’s 600 of course. What we could do is ignore it if it’s not 600 when
we open it.
Crucially: we cannot and should not restrict what the user can do for
the sake of security. Users can pass ‘--disable-authentication’, they
can run binaries taken from the net, whatever; it’s their machine.
Thanks,
Ludo’.
next prev parent reply other threads:[~2020-06-20 10:42 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-17 9:27 bug#41908: guix time-machine fails; XXXX is not related to introductory commit of channel 'guix' Jan Nieuwenhuizen
2020-06-18 22:29 ` zimoun
2020-06-18 23:02 ` zimoun
2020-06-19 21:17 ` Ludovic Courtès
2020-06-19 23:22 ` zimoun
2020-06-20 10:40 ` Ludovic Courtès [this message]
2020-06-21 16:17 ` zimoun
2020-06-22 8:01 ` Ludovic Courtès
2020-06-20 13:58 ` Marius Bakke
2020-06-21 15:43 ` Ludovic Courtès
2020-06-21 16:18 ` zimoun
2020-06-22 8:54 ` zimoun
2020-06-23 7:35 ` Ludovic Courtès
2020-06-23 8:42 ` zimoun
2020-06-23 8:53 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tuz6auku.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=41908@debbugs.gnu.org \
--cc=zimon.toutoune@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).