From mboxrd@z Thu Jan 1 00:00:00 1970
From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: `guix pull` over HTTPS
Date: Fri, 10 Feb 2017 16:29:31 +0100
Message-ID: <87tw82cbdw.fsf@gnu.org>
References: <20170209155512.GA11291@jasmine>
In-Reply-To: <20170209155512.GA11291@jasmine> (Leo Famulari's message of "Thu, 9 Feb 2017 16:55:12 +0100")
To: Leo Famulari
Cc: guix-devel@gnu.org

Hi Leo!

Leo Famulari wrote:

> HTTPS is not a security panacea but, in my opinion, we should use it if
> it's available, at least until `guix pull` can verify commit signatures.

Agreed. At least it prevents eavesdropping and allows us to authenticate
the server (assuming the CA is trustworthy). But as you write, the
eventual goal is to authenticate the code rather than the server, which
will provide much better assurance.

> However, it's a little harder to get right than HTTP. For example, `guix
> pull` could fail if there is a problem with the user's certificate
> store, or if their clock is wrong.
>
> Does anyone have any specific concerns or advice about changing the
> value of %snapshot-url in (guix scripts pull) to use the HTTPS URL?
> Should the change be that simple, or should we do more?

I think it should be this simple.

Of course there will be issues with people having the wrong SSL_CERT_DIR
& co. settings. Also that means Guile-GnuTLS becomes a hard dependency,
which I think is fine.

Thanks,
Ludo’.