From: zimoun <zimon.toutoune@gmail.com>
To: "Ludovic Courtès" <ludo@gnu.org>, 42048@debbugs.gnu.org
Cc: "Ludovic Courtès" <ludo@gnu.org>
Subject: [bug#42048] [PATCH 0/6] Authenticated channels for everyone!
Date: Wed, 01 Jul 2020 11:35:59 +0200 [thread overview]
Message-ID: <86ftaba874.fsf@gmail.com> (raw)
In-Reply-To: <20200625210400.29033-1-ludo@gnu.org>
Hi Ludo,
On Thu, 25 Jun 2020 at 23:04, Ludovic Courtès <ludo@gnu.org> wrote:
> The most visible effect is that channel introductions are now
> part of the API and shown by ‘guix describe’. It becomes a long-term
> commitment because we want to be able to pass the output of
> ‘guix describe -C channels’ or /run/current-system/channels.scm
> to ‘guix pull’ and ‘guix time-machine’ in the future.
How could I test this machinery with "guix time-machine"?
> Contrary to what I initially proposed¹, channel introductions are
> stripped to the bare minimum: a commit/fingerprint pair (as is
> currently the case on master, internally). I figured it doesn’t
> buy us much to have the commit/fingerprint pair signed; what
> matters is that users obtain the introduction from a trusted
> source, and the signature wouldn’t help with that. I also got
> rid of the idea of rendering introductions are opaque base64 blobs.
What happens when traveling in time if the key used by the signature has
been compromised?
Today, everything is fine, I sign and I do in introduction. Couple of
months (or even years) later, my key will be compromised and so I will
revoke it. What happens if I do "guix time-machine -C"?
Well, the question even applies to %default-channel? Maybe you already
answered and I missed it.
Cheers,
simon
next prev parent reply other threads:[~2020-07-01 9:37 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-25 21:04 [bug#42048] [PATCH 0/6] Authenticated channels for everyone! Ludovic Courtès
2020-06-25 21:16 ` [bug#42048] [PATCH 1/6] channels: Add 'openpgp-fingerprint->bytevector' Ludovic Courtès
2020-06-25 21:16 ` [bug#42048] [PATCH 2/6] channels: Make channel introductions public Ludovic Courtès
2020-06-25 22:32 ` Kyle Meyer
2020-06-26 8:17 ` Ludovic Courtès
2020-06-27 17:07 ` Ludovic Courtès
2020-06-25 21:16 ` [bug#42048] [PATCH 3/6] channels: Remove 'signature' from <channel-introduction> Ludovic Courtès
2020-06-30 14:35 ` Ricardo Wurmus
2020-06-30 15:15 ` Ludovic Courtès
2020-06-25 21:16 ` [bug#42048] [PATCH 4/6] channels: Save and interpret 'introduction' field in provenance data Ludovic Courtès
2020-06-25 21:16 ` [bug#42048] [PATCH 5/6] guix describe: Display channel introductions and add 'channels-sans-intro' Ludovic Courtès
2020-06-25 21:16 ` [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions Ludovic Courtès
2020-06-30 15:53 ` Ricardo Wurmus
2020-06-30 20:28 ` Ludovic Courtès
2020-07-01 8:51 ` zimoun
2020-07-01 12:12 ` Ludovic Courtès
2020-07-01 12:49 ` zimoun
2020-07-01 17:05 ` Ludovic Courtès
2020-07-01 12:25 ` Ricardo Wurmus
2020-07-01 21:50 ` bug#42048: " Ludovic Courtès
2020-07-01 9:35 ` zimoun [this message]
2020-07-01 12:17 ` [bug#42048] [PATCH 0/6] Authenticated channels for everyone! Ludovic Courtès
2020-07-01 13:09 ` zimoun
2020-07-01 15:54 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86ftaba874.fsf@gmail.com \
--to=zimon.toutoune@gmail.com \
--cc=42048@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).