From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id mD/ENicmjmAxKgAAgWs5BA (envelope-from ) for ; Sun, 02 May 2021 06:10:15 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id GDhBMicmjmCxLQAAbx9fmQ (envelope-from ) for ; Sun, 02 May 2021 04:10:15 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5A4DA1E788 for ; Sun, 2 May 2021 06:10:15 +0200 (CEST) Received: from localhost ([::1]:57320 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ld3Qs-0002u8-Hv for larch@yhetil.org; Sun, 02 May 2021 00:10:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:57974) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ld3Qg-0002qX-FS for bug-guix@gnu.org; Sun, 02 May 2021 00:10:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:56863) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ld3Qg-0000kh-6B for bug-guix@gnu.org; Sun, 02 May 2021 00:10:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ld3Qf-0000vX-VC for bug-guix@gnu.org; Sun, 02 May 2021 00:10:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#48146: Getting diverted to non-updated branches: a limitation of the authentication mechanism? Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 02 May 2021 04:10:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 48146 X-GNU-PR-Package: guix X-GNU-PR-Keywords: security To: Maxime Devos Received: via spool by 48146-submit@debbugs.gnu.org id=B48146.16199286003553 (code B ref 48146); Sun, 02 May 2021 04:10:01 +0000 Received: (at 48146) by debbugs.gnu.org; 2 May 2021 04:10:00 +0000 Received: from localhost ([127.0.0.1]:40176 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ld3Qe-0000vF-DP for submit@debbugs.gnu.org; Sun, 02 May 2021 00:10:00 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:55287) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ld3Qc-0000v9-MJ for 48146@debbugs.gnu.org; Sun, 02 May 2021 00:09:59 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 65D815C008E; Sun, 2 May 2021 00:09:53 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Sun, 02 May 2021 00:09:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=1PSugU2mDsXbSFpntfqdMcMr maH4dEOYoqxXaWTU57E=; b=DLUjoNYDt4SnnUb1HG0lvIDqCQWyIw6DaZVm4QPN 9j9H1yyH+OoxMYerQuT2B9mmwhTFGXWvLFUxaIPfnV/jljoqwGkg7D7CDAN3RJb/ DF38spE+cW02ScAGtRQWDZD28VSxMeHDwDasLfAnUaWR9CLKxEL4U6H1eukRCuwl uuo= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=1PSugU 2mDsXbSFpntfqdMcMrmaH4dEOYoqxXaWTU57E=; b=PfLstv95m+JdzOyHLXEwNb QJm/CKsZHjBP+ZKCK3qyV3Y3hEnBrFMK3Kv7CbU/3qz3TCGNs8y4QK7EMzVQhKdH JEQJLLDlqO1GJni5ws8kv9rtSPdN9ujTb5FMgAk9Zp+6qvryWxeqhbXoYQji+5WA 3pzyEobr5YN5orh9WbAZ9BvPeKw0hDGcBqB4lkXlg5focjPkVC+k7hgXkuLGRejL m4DxkvTwfCEwmPzIhN5PYYmB/0zo0Z92yZYV492Je1Bl0qZXW9fUqZF6l7qMtm+w wvy7LZvm4a0blDU58S4WqWoE12j1xyCcriHdvbsxJ/aRErlq6/0JTpRwM8dLyPTw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdefuddgtdduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpefnvghoucfh rghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtth gvrhhnpeeiffekieejudefueefheeggfdtteethfevgefhtdehfefhfefgleeihfefkeel teenucffohhmrghinhepghhnuhdrohhrghdpthhhvghuphgurghtvghfrhgrmhgvfihorh hkrdhiohenucfkphepudeivddrvddujedrfeefrdduuddvnecuvehluhhsthgvrhfuihii vgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrg hmvg X-ME-Proxy: Received: from localhost (d-162-217-33-112.ct.cpe.atlanticbb.net [162.217.33.112]) by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 2 May 2021 00:09:52 -0400 (EDT) Date: Sun, 2 May 2021 00:09:50 -0400 From: Leo Famulari Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 48146@debbugs.gnu.org Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1619928615; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=1PSugU2mDsXbSFpntfqdMcMrmaH4dEOYoqxXaWTU57E=; b=bZIzi9gT0kL4K03wNe8WpiTrCIhZiJbKUZW01Sr4Rqx2ouHDs1UHD21oQ3pvAO9p9mZtsi GZjSf0AA1fNXyPMatsJ/i3RdzqVMKiYhBFJr5uYfk86JgaxmtzXPSp5TPbVWNaMzl0b+sk qMe2pC8h7+wvGFUrtWTUhri09YbYyDEljqDNc1zLBb4dKvlw/ukCGkjED77zEGpHueTt4K fym5xIeqWdjS52ebZQnr8I/KM2UM67bcS6tJ+uPpzrwog1utlWIS3orX70XA6mMOBa7WQa n9mL9Yodd9SDOhFmfrT0DSciDXEJTnklWaqwsMC9gTqPot3Rp01Pwmpn3USChA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1619928615; a=rsa-sha256; cv=none; b=AT2qdnhlex8aLlAm9xOuKbGvSni/YXDDWxZglSy3xEVq+22yK8G3Mjb8E9mXQjxH0ZRSqb jHkQl5Jxd0ujVefmq2kIusnLstcVi4sCAiiof/KWtBwQ/l4S97b7YdGmMy4frZam9aDhBm lR4yCnkzdhjd/71gxxcz04DVp3zo0Sr4gUVvszozz4iss4aMGfKqMmvYHSXJJFqCECbQLH BRTWWBvolwiIKhqrA/gPbb4+rRzJ2hRKlQoOk1I9F8adz74CXbHKE00Rm8yReXOl1TGRsV HRo1SSdS66EnGZHF2TvPs7r13mJN61PDtrXyiMrkF8jYdCnMM/YnA4VPgmtqxQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=DLUjoNYD; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=PfLstv95; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Spam-Score: -0.46 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=DLUjoNYD; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=PfLstv95; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: 5A4DA1E788 X-Spam-Score: -0.46 X-Migadu-Scanner: scn0.migadu.com X-TUID: hsofpTx1yHpu On Sat, May 01, 2021 at 11:40:01PM +0200, Maxime Devos wrote: > Tags: + security > > Hi guix, > > Consider the following situation: Check this blog post and The Update Framework's concept of "indefinite freeze attacks", which I think is what you are describing: https://guix.gnu.org/en/blog/2020/securing-updates/ https://theupdateframework.io/ (check the "specification")