From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id qE0xKa/g2F4JbgAA0tVLHw (envelope-from ) for ; Thu, 04 Jun 2020 11:53:19 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id CAb/JK/g2F4eSAAAB5/wlQ (envelope-from ) for ; Thu, 04 Jun 2020 11:53:19 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 67F309400AF for ; Thu, 4 Jun 2020 11:53:19 +0000 (UTC) Received: from localhost ([::1]:59942 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jgoQw-0002xF-D2 for larch@yhetil.org; Thu, 04 Jun 2020 07:53:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:46080) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jgoQn-0002wc-Ur for guix-devel@gnu.org; Thu, 04 Jun 2020 07:53:09 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:58796) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jgoQn-0006aM-Lo for guix-devel@gnu.org; Thu, 04 Jun 2020 07:53:09 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=45520 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jgoQl-0008Nb-Ak; Thu, 04 Jun 2020 07:53:08 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Marius Bakke Subject: Re: Heads-up: hard reset of the 'staging' branch References: <87ftbn7r7r.fsf@gnu.org> <87mu5qy94d.fsf@gnu.org> <87ftbi4nbg.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 17 Prairial an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 04 Jun 2020 13:53:06 +0200 In-Reply-To: <87ftbi4nbg.fsf@gnu.org> (Marius Bakke's message of "Fri, 29 May 2020 20:18:27 +0200") Message-ID: <87mu5jcajh.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Spam-Score: -1.01 X-TUID: qTyrNw7AQrOe Hey, Marius Bakke skribis: > Ludovic Court=C3=A8s writes: [...] >> To be clear, it wouldn=E2=80=99t just =E2=80=9Cleave a gap=E2=80=9D: all= future commits would >> also be rejected. The authentication code ensures that each commit is >> signed by one of the keys authorized in its parent commit(s). (See the >> latest discussions at .) > > Indeed, sorry for being unclear. The gap I was referring to was based > on a hypothetical situation where we worked around this issue in > git-authenticate.scm, similar to %commits-with-known-bad-signature. As it turns out, =E2=80=98%commits-with-known-bad-signature=E2=80=99 is unu= sed. :-) I=E2=80=99m actually reluctant to supporting it now because I don=E2=80=99t= see how it could be implemented without also offering a trivial way to escape verification. >> This is a good opportunity to remind all fellow committers of the latest >> changes in that area, which are summarized here: >> >> https://guix.gnu.org/manual/devel/en/html_node/Commit-Access.html >> >> Please take a look. >> >> SCARY WARNING: >> >> When =E2=80=98guix pull=E2=80=99 runs that authentication code, which = I hope will be >> the case in a few weeks, any such mistakes means that users will not >> be able to pull at all, so we all have to be very cautious. If we do >> make a mistake, we=E2=80=99ll have to reset the branch to a known-good= state, >> like you did. > > I am really looking forward to strong authentication in 'guix pull'. > Sounds like a good excuse to make a new release! :-) Yup! Ludo=E2=80=99.