From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id yGf5F0ZZ/F5eRgAA0tVLHw (envelope-from ) for ; Wed, 01 Jul 2020 09:37:10 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id 8F7FE0ZZ/F7ycQAAB5/wlQ (envelope-from ) for ; Wed, 01 Jul 2020 09:37:10 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id AA310940145 for ; Wed, 1 Jul 2020 09:37:09 +0000 (UTC) Received: from localhost ([::1]:50902 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jqZAx-0000Fw-71 for larch@yhetil.org; Wed, 01 Jul 2020 05:37:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55446) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jqZAs-0000Dz-Q8 for guix-patches@gnu.org; Wed, 01 Jul 2020 05:37:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:40765) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jqZAs-000783-FR for guix-patches@gnu.org; Wed, 01 Jul 2020 05:37:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jqZAs-0001rD-Av for guix-patches@gnu.org; Wed, 01 Jul 2020 05:37:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#42048] [PATCH 0/6] Authenticated channels for everyone! Resent-From: zimoun Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 01 Jul 2020 09:37:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42048 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= , 42048@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= Received: via spool by 42048-submit@debbugs.gnu.org id=B42048.15935961717077 (code B ref 42048); Wed, 01 Jul 2020 09:37:02 +0000 Received: (at 42048) by debbugs.gnu.org; 1 Jul 2020 09:36:11 +0000 Received: from localhost ([127.0.0.1]:52311 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jqZA3-0001q5-DO for submit@debbugs.gnu.org; Wed, 01 Jul 2020 05:36:11 -0400 Received: from mail-wr1-f68.google.com ([209.85.221.68]:37379) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jqZ9y-0001pX-KE for 42048@debbugs.gnu.org; Wed, 01 Jul 2020 05:36:10 -0400 Received: by mail-wr1-f68.google.com with SMTP id a6so23085194wrm.4 for <42048@debbugs.gnu.org>; Wed, 01 Jul 2020 02:36:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version:content-transfer-encoding; bh=w6NfE7r4fBiCSyjb7PxoAzfgFHURPckZbNNt8dJHx0I=; b=g9xjQdZDeGKAM92QO0XMWCpt3IKXytWvSZex1N3D+o9ZPNQtN6R3hMWQwx3uWbKMt5 7bHy+PohcdSa25c6yLt1ZeQkIHOEjvk6+jLqJSAvAGIpykFc2zASNYeu6tYwHxSbnluE co+YQMdBmCJumhGcPdXiowhpwsUBUyFbKnXmGD66gtUBaLsrJLO69H6Rl9CvBGsSQ+C2 +KubTsfSMBrMZVWPkjuNB7z6jMV4ClZzWpd6pafAve7a2TZ7lEpw7hvdQXC2IsfB+SCo 5Lf9dAqmFjqnAJ97RjTBYQQ5IOK/i2GCtiUNMbLPQoAbDlhV8BkghohAjm9DYNY0zSa0 PiDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version:content-transfer-encoding; bh=w6NfE7r4fBiCSyjb7PxoAzfgFHURPckZbNNt8dJHx0I=; b=g4a7OGksUX6oZVHYQscuCAmEWXpqwyzEAV/lFZCFu740XNwByxcdjwuCDke8bHGNI2 NJWaQd0u9/LIYD9YfeOrrpdAbBXI6jVXJjVRHEIiFcxobEdi+mB3mlBFRDokSHWQHDv1 qrUweXwfyMuqDcqdwXWBEV8ToNPgDb3R1jP1xLHLdL0bc/5v3pg4Y29AKyEvQFsu935b 6Krc2iCHZPo1BzFdz6KDZYnmBaO/zMFN05sz9gHUUzoyBq2hpu7XoC4d9DXgCJqRZFWE +IXKE1o9vIZ8YhyBtuf+UXnQ/SbcD1jTXc/uJ03DfmohZdtWbtLJ4cA+rdv1UKFePXfM ih7w== X-Gm-Message-State: AOAM533AVUK1wvkBgv0ACfboThIsU5LCxByp2pN/WFYHHwSGUrbjMD/+ tfIpJlWYVij7lbU438/FMxg2/t3C2II= X-Google-Smtp-Source: ABdhPJy3sCa0v7InEqkWTAKrHIiTrgtUZMGuIUnDg+GZPS/Mxa5UuIFH0ClumnoQF0g303Wm7Yb5fA== X-Received: by 2002:a5d:5341:: with SMTP id t1mr27612922wrv.207.1593596160686; Wed, 01 Jul 2020 02:36:00 -0700 (PDT) Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e]) by smtp.gmail.com with ESMTPSA id s15sm6477368wmj.41.2020.07.01.02.35.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Jul 2020 02:36:00 -0700 (PDT) From: zimoun In-Reply-To: <20200625210400.29033-1-ludo@gnu.org> References: <20200625210400.29033-1-ludo@gnu.org> Date: Wed, 01 Jul 2020 11:35:59 +0200 Message-ID: <86ftaba874.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -1.0 (-) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=gmail.com header.s=20161025 header.b=g9xjQdZD; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: 0.09 X-TUID: vN7dvoamwPGV Hi Ludo, On Thu, 25 Jun 2020 at 23:04, Ludovic Court=C3=A8s wrote: > The most visible effect is that channel introductions are now > part of the API and shown by =E2=80=98guix describe=E2=80=99. It becomes= a long-term > commitment because we want to be able to pass the output of > =E2=80=98guix describe -C channels=E2=80=99 or /run/current-system/channe= ls.scm > to =E2=80=98guix pull=E2=80=99 and =E2=80=98guix time-machine=E2=80=99 in= the future. How could I test this machinery with "guix time-machine"? > Contrary to what I initially proposed=C2=B9, channel introductions are > stripped to the bare minimum: a commit/fingerprint pair (as is > currently the case on master, internally). I figured it doesn=E2=80=99t > buy us much to have the commit/fingerprint pair signed; what > matters is that users obtain the introduction from a trusted > source, and the signature wouldn=E2=80=99t help with that. I also got > rid of the idea of rendering introductions are opaque base64 blobs. What happens when traveling in time if the key used by the signature has been compromised? Today, everything is fine, I sign and I do in introduction. Couple of months (or even years) later, my key will be compromised and so I will revoke it. What happens if I do "guix time-machine -C"? Well, the question even applies to %default-channel? Maybe you already answered and I missed it. Cheers, simon