Guix, I have good news and bad news. The good news is that the new commit verification infrastructure works great. 'make authenticate' will verify that all commits were signed by a key that was authorized by .guix-authorizations at that point in time. The bad news is that we need to ensure .guix-authorizations has been updated on any branches that new committers/keys will be pushing to. Currently the 'staging' branch has one commit (8229ce3116c1f522c7157ab2dcd50dc2d765686a) signed by a not-yet-authorized key (it had been authorized on 'master' by d074f73aacc5a39aed0202d6e45721f53f34a8c0, but that was not yet merged to 'staging' at the time). To fix it properly without leaving a gap where 'make authenticate' will fail, we actually need to rewrite the history. Luckily git supports rebasing merges(!), and the merge we need was the next commit on that branch. I have pushed a 'staging2' branch where I did the following: 1) git rebase -i --rebase-merges 8229ce3116c1f522c7157ab2dcd50dc2d765686a~ 2) Moved 8229ce3116c1f522c7157ab2dcd50dc2d765686a after f00270d35a6ca814903a9392caedc29d44959088 (the first merge that includes .guix-authorizations) -- it was "one step down" in Magits interactive rebase menu. 3) "solved" three merge conflicts (actually git rerere remembered the resolutions, and I could have used git rebase --rerere-autoupdate to make the process entirely automatic). I intend to move the current 'staging' branch to 'staging-old', and rename 'staging2' to 'staging' once I'm fully confident in the result and resolution. In the mean time, comments or replications of the experiment welcome. In other good news, the new pre-push hook proposed by Ludovic in will eliminate this issue as long as people remember to activate it. For total confidence we should perform it on the server side though. Sorry for the inconvenience!