From: Pjotr Prins
Subject: Re: What's next?
Date: Thu, 25 May 2017 10:11:30 +0200
To: Leo Famulari
Cc: guix-devel

On Wed, May 24, 2017 at 05:45:39PM -0400, Leo Famulari wrote:
> [1] `guix pull` verifies the certificate of
> against the Let's Encrypt trust chain *only*.

This brings up another annoyance. Before a first 'git pull' as a newbie you have to go through a number of steps which are, arguably, redundant. I am talking about installing a first key to trust the guix server. Well, if we have installed guix AND we use guix pull, I think we can assume the guix server is trusted (by the user). Therefore, that key should work out of the box (it is what people install from the tree anyway!). It is a redundant step. Debian also uses keys and works out of the box.

The other thing is permissions. Sometimes the user profile needs explicit permission settings. This is not right. I can see it is useful on a server setup controlled by an administrator, but arguably it should just work. The administrator can revert on that.

So, if possible, the default should be allowing guix to work once the daemon runs.

Pj.