From mboxrd@z Thu Jan 1 00:00:00 1970 From: Maxim Cournoyer Subject: Re: What's next? Date: Sun, 28 May 2017 19:31:36 -0700 Message-ID: <874lw4tmuv.fsf@gmail.com> References: <877f16z9eo.fsf@gnu.org> <874lwaql17.fsf@gnu.org> <20170524214539.GA26320@jasmine> <20170525081130.GA3521@thebird.nl> <87vaomtxiq.fsf@gnu.org> <20170528073057.GA12848@thebird.nl> <877f10oggw.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:58677) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFAT6-0005gG-JJ for guix-devel@gnu.org; Sun, 28 May 2017 22:31:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFAT5-0000lO-J9 for guix-devel@gnu.org; Sun, 28 May 2017 22:31:40 -0400 In-Reply-To: <877f10oggw.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Sun, 28 May 2017 22:48:31 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Pjotr Prins skribis: > >> On Sat, May 27, 2017 at 12:16:45PM +0200, Ludovic Court??s wrote: >>> On GuixSD, the key of hydra.gnu.org and bayfront.guixsd.org are always >>> registered by default. We cannot do that for someone installing Guix on >>> a foreign distro because that involves creating a file in /etc. >> >> Many installs are not on GuixSD. Can't we use the key that is stored >> in the store itself? If /etc does not exist then use what comes >> with the installation. > > The current behavior is to print a warning when /etc/guix/acl (the list > of authorized keys) is empty or nonexistent. > > Your suggestion would be to automatically populate it, right? > > I=E2=80=99m mildly reluctant to that, because we=E2=80=99d stealthily for= ce every user > into trusting our substitute servers. OTOH I agree that the current > situation is not optimal. > Maybe there could be a prompt that tells the user the current message (no keys in /etc/guix/acl) and then asks them if they'd like to register the default Guix substitute server keys? That'd be a middle ground solution. Maxim