From: "Ludovic Courtès" <ludo@gnu.org>
To: Simon Tournier <zimon.toutoune@gmail.com>
Cc: Tomas Volf <~@wolfsden.cz>,
70759-done@debbugs.gnu.org,
"pelzflorian \(Florian Pelz\)" <pelzflorian@pelzflorian.de>,
Skyler Ferris <skyvine@protonmail.com>,
guix-blog@gnu.org
Subject: bug#70759: [PATCH guix-artwork] website: Add post about ‘guix git authenticate’.
Date: Tue, 07 May 2024 14:17:41 +0200 [thread overview]
Message-ID: <87msp17r4q.fsf_-_@gnu.org> (raw)
In-Reply-To: <CAJ3okZ34Q=XyaL_D3-0NDB3qHuUkTjGhosKSZc_79YGd1RL2qw@mail.gmail.com> (Simon Tournier's message of "Mon, 6 May 2024 18:26:41 +0200")
Hi,
Simon Tournier <zimon.toutoune@gmail.com> skribis:
> On Mon, 6 May 2024 at 17:49, Ludovic Courtès <ludo@gnu.org> wrote:
>
>> I tried to reword it in a way similar to what I did in the Programming
>> paper to clarify that it’s not just about lock-in but also about
>> semantics:
>>
>> Signing commits is part of the solution, but it’s not enough to
>> _authenticate_ a set of commits that you pull; all it shows is that,
>> well, those commits are signed. Badges aren’t much better: the presence
>> of a “verified” badge only shows that the commit is signed by the
>> OpenPGP key *currently registered* for the corresponding GitLab/GitHub
>> account. It’s another source of lock-in and makes the hosting platform
>> a trusted third-party. Worse, there’s no notion of authorization (which
>> keys are authorized), let alone tracking of the history of authorization
>> changes. Not helpful.
>>
>> Does that clarify things?
>
> Yes, this wording clarifies the issue of badges. For what my view is
> worth here, I would write: badges acts as a service, as with an
> infrastructure as a service or platform as a service. Else LGTM.
OK, pushed:
https://guix.gnu.org/en/blog/2024/authenticate-your-git-checkouts/
Thanks for your feedback!
Ludo’.
prev parent reply other threads:[~2024-05-07 12:19 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-03 20:57 [bug#70759] [PATCH guix-artwork] website: Add post about ‘guix git authenticate’ Ludovic Courtès
2024-05-04 13:28 ` pelzflorian (Florian Pelz)
2024-05-05 16:31 ` Ludovic Courtès
2024-05-06 9:39 ` Simon Tournier
2024-05-06 15:49 ` Ludovic Courtès
2024-05-06 16:26 ` Simon Tournier
2024-05-07 12:17 ` Ludovic Courtès [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87msp17r4q.fsf_-_@gnu.org \
--to=ludo@gnu.org \
--cc=70759-done@debbugs.gnu.org \
--cc=guix-blog@gnu.org \
--cc=pelzflorian@pelzflorian.de \
--cc=skyvine@protonmail.com \
--cc=zimon.toutoune@gmail.com \
--cc=~@wolfsden.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).