From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: Guix support in cachix
Date: Wed, 04 Jul 2018 16:17:35 +0200
Message-ID: <87in5v84qo.fsf@fastmail.com>
References: <871sck463k.fsf@gmail.com> <87h8lgf0o3.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37359)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1faibN-0007hk-Ay
	for guix-devel@gnu.org; Wed, 04 Jul 2018 10:17:50 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1faibJ-0000b5-4T
	for guix-devel@gnu.org; Wed, 04 Jul 2018 10:17:49 -0400
In-Reply-To: <87h8lgf0o3.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>, Oleg Pykhalov <go.wigust@gmail.com>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

ludo@gnu.org (Ludovic Court=C3=A8s) writes:

> Hello!
>
> Oleg Pykhalov <go.wigust@gmail.com> skribis:
>
>> Domen Ko=C5=BEar <domen@dev.si> recently was in #guix (IRC) 2 days ago a=
sking
>> about support of Guix in cachix.  Also he opened an issue on GitHub:
>>
>>> I'm opening this issue for interest around supporting Guix.
>>
>> [1] https://github.com/cachix/cachix/issues/85
>
> Cachix looks interesting!  It=E2=80=99s good to collaboratively provide
> binaries.  It=E2=80=99s easier than having everyone set up =E2=80=98guix =
publish=E2=80=99, at
> the cost of being more centralized.
>
> The =E2=80=9Ccachix use <name>=E2=80=9D example on https://cachix.org/ gl=
osses over
> security =E2=80=9Cdetails=E2=80=9D though.  I wonder how one gets to auth=
enticate a
> particular user of Cachix and to authorize binaries coming from them.
> There=E2=80=99s also the issue that said user could be publishing binarie=
s they
> themselves obtained from a source that you do not trust yourself.  Tough
> issues!

I asked about discovering signing keys and apparently you'll find it at
https://<user>.cachix.net, and that's the substitute URL too.

It looks useful for those who don't want to or can't publish their own
substitutes.  And `guix challenge` makes it easy to verify the builds
coming from a particular "channel".

I would not want to publish all my builds there, though.  Not sure how
it would be integrated on the client side.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAls81v8ACgkQoqBt8qM6
VPrPBAf/fHSM0KoH3sWjZwqAPkEY9akxTk+vW7IgesMSoyEOVMkvjI449TIIE4lt
L3kugBrgrI9lQvkKluh3U+wz/Rl1UuKjgHVXtGdB7C+04oDZoqoBFUE++/4dF9pj
Y1JXV8q3zFZo5QXB8LxyLraLiYBZC+sNsoa5UwH4DrVlexrhD2cv6S4Otw+PMgFx
PIJoFBV8493JLKk+kZqyDYAUAhvReZgSn/jjCSsLmxC9lEysJzlScOowfYGYmwRF
GCvYU3rYTICNcQXtrSRx6aA0H6zNLk0BFMZa7Cpa6eCKjDg4rZkwxxaXdON520MQ
UjQUiQtNxibH2vw9BP0XnMAsgbaHGA==
=JlcR
-----END PGP SIGNATURE-----
--=-=-=--