From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id MI2aOQsFOWbggQAAqHPOHw:P1 (envelope-from ) for ; Mon, 06 May 2024 18:27:56 +0200 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id MI2aOQsFOWbggQAAqHPOHw (envelope-from ) for ; Mon, 06 May 2024 18:27:56 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=UpA9CgPs; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1715012875; a=rsa-sha256; cv=none; b=F6TXzmSRtxkrggJk879wWIH/r7Yr89W26epHezjZsXAJqtmPK1RJyuOxrrAsRY5pmbre1q dq5bXp4l/sdZNIaLu/pZUzdhK5Krht0n3TI429cfTo9IDLgVOC5rxiqesxkrVFO1pJJ482 78LuoJ5ecy01uWb+kn5EzOZOKH7gh+/sZumoGV11inKEeIIjN8CXkqaOpfwo0wNO3z49rC RCkDsqL3OwrHAk15+b0k0EqF1x+1ChMIopzGYgGwdh392HxFUMmDVFEXx+99hbEyfkWLgo cG0IfHwePxuwE6MlXCrtnv84ghXpX8Ek3JQyKG0w37SarAUw8zuxnVNW/Jewpg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=UpA9CgPs; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1715012875; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=wkkAGsdClTsoeZGEu7ZtvHK5REc6rd7MkW6CPqEA6+s=; b=aZC1zPpqaZHjXh9xwL1jT2pHKie6g9GD1WSieKdz9UqpKwAXHpc4tR4eOm7wGdbHJbSC+E JLOqLMsuL84IQn83Dx6155tLn2FkIsdcukWIZeP4fqIY33X5yN/6wXSViD+eGWrX+XnD2y 6ChpsuepRc/jV50pycaqZIA1HoHlYDUss5JSfpiw8DyrUWBTPjgzwRHrhAN1bg9oJdaMkf Tc4g23HtoI+FB4Qy3nZM4ouH+9HRN9SYXye5IrBil3x2suvJWPLIW63DiLe4bAf3DHUEc1 i27n1e/7AnTeTCKbECeSzqyCMrEGmJ2tNzRYXsVBXIrMY6AdcoJEtp+lgK8Z5Q== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9A2DC6768A for ; Mon, 6 May 2024 18:27:55 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1s41Bo-0004PR-E4; Mon, 06 May 2024 12:27:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s41Bi-0004Dw-E5 for guix-patches@gnu.org; Mon, 06 May 2024 12:27:39 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1s41Bh-0004Bm-VX for guix-patches@gnu.org; Mon, 06 May 2024 12:27:38 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1s41C6-0006fC-7Y for guix-patches@gnu.org; Mon, 06 May 2024 12:28:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70759] [PATCH guix-artwork] website: Add post about =?UTF-8?Q?=E2=80=98guix?= git =?UTF-8?Q?authenticate=E2=80=99.?= Resent-From: Simon Tournier Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 06 May 2024 16:28:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70759 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 70759@debbugs.gnu.org, Tomas Volf <~@wolfsden.cz>, "pelzflorian \(Florian Pelz\)" , guix-blog@gnu.org, Skyler Ferris Received: via spool by 70759-submit@debbugs.gnu.org id=B70759.171501284725596 (code B ref 70759); Mon, 06 May 2024 16:28:02 +0000 Received: (at 70759) by debbugs.gnu.org; 6 May 2024 16:27:27 +0000 Received: from localhost ([127.0.0.1]:38936 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s41BX-0006em-1g for submit@debbugs.gnu.org; Mon, 06 May 2024 12:27:27 -0400 Received: from mail-qv1-xf2c.google.com ([2607:f8b0:4864:20::f2c]:40625) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s41BV-0006ee-3w for 70759@debbugs.gnu.org; Mon, 06 May 2024 12:27:25 -0400 Received: by mail-qv1-xf2c.google.com with SMTP id 6a1803df08f44-6a0f5765069so4533246d6.2 for <70759@debbugs.gnu.org>; Mon, 06 May 2024 09:27:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715012815; x=1715617615; darn=debbugs.gnu.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=wkkAGsdClTsoeZGEu7ZtvHK5REc6rd7MkW6CPqEA6+s=; b=UpA9CgPsZKLNHC/1osP+cRp3PydzNTMjZYE/meCH0qHXJ/IW/7byAK/dfr9BvVb49B FczEZfx6CXyusoNFY6sRB7OCt0D7CjBALHNgn0eA8d9R/iwdjGEkv29HPJZ09CYl9Wfu Z5gzXNHhDd+swGKbQS1Ar037851X6D0ttiHPnVK8WbjQmd/+nti2VDuZmnjS2qFpiR7U rg6AemG4VPuL4ZRF/XWkJr7emrlF3tVkK8aBoa3LIKUtPi8Nh16GdOVlarpc4OMsWAGx cjX1urmn0Kvl8xllXObZKGYFRH2sKZZHSvIDGg9t3r4JTwk9f1TEDUgGOVzDknUSZRE7 dMLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715012815; x=1715617615; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wkkAGsdClTsoeZGEu7ZtvHK5REc6rd7MkW6CPqEA6+s=; b=PI4r/Hifz4tJmwaTpQs9ko2vMP/9LyNiARUpwagRhOsjZeZ8mhp8pPJafv5rYLBWSN OEmKMbd4GxAOWCdvRvpmRw8+aF8IGFmM5v4nYXptA/Fq0MVuW45TTbKcG/NM2q9VNe6N xw4ymri3v1wErLYdO+ba6K1ORuNfQaQuIL4wlcahJIK57aRJk43UvmiGQPEApCY06Ufc 7FCRLCgr7YA4FBjsCbBrFALw/o47SP1nbc1+RLQVoQP6xXGKCOnv6uMQe+Ov1xjxuTzC pBE3hxdcnWMenk0dGZh+KlpHvX/vzCBfp72e2VhitCz5IYHxyaPQMoKYAPclP5i4FT1e Znrg== X-Gm-Message-State: AOJu0YxX9NgvKcaCrt6ZkyE1mq1w0Xm/6zbwdyFkYcgEtvMOdCDGbK5I lyD4585nsD8wVpbB7/tBKU1c0/dSjnZF5I/kRdieMiOfPGc/5VsRUrYfZAJNsdhVChJkl0udm0y e5S5KCfAFOpxiRW62SQtPctwsn80= X-Google-Smtp-Source: AGHT+IFip29GhZVkaQR1L8HJbkfBwZs1OASOhBflcuY8Hqu8HqbCOEPv8RMGdCt9uQIdyFB3oYnSejZHBLQDk1Y2m9I= X-Received: by 2002:ad4:5c89:0:b0:6a0:71c2:e929 with SMTP id o9-20020ad45c89000000b006a071c2e929mr12777332qvh.1.1715012814880; Mon, 06 May 2024 09:26:54 -0700 (PDT) MIME-Version: 1.0 References: <20240503205729.6354-1-ludo@gnu.org> <87fruvl1no.fsf@gmail.com> <87le4nhreo.fsf@gnu.org> In-Reply-To: <87le4nhreo.fsf@gnu.org> From: Simon Tournier Date: Mon, 6 May 2024 18:26:41 +0200 Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Queue-Id: 9A2DC6768A X-Migadu-Scanner: mx12.migadu.com X-Migadu-Spam-Score: 5.45 X-Spam-Score: 5.45 X-TUID: 3ZXL03B4x5NL Hi, On Mon, 6 May 2024 at 17:49, Ludovic Court=C3=A8s wrote: > I tried to reword it in a way similar to what I did in the Programming > paper to clarify that it=E2=80=99s not just about lock-in but also about > semantics: > > Signing commits is part of the solution, but it=E2=80=99s not enough to > _authenticate_ a set of commits that you pull; all it shows is that, > well, those commits are signed. Badges aren=E2=80=99t much better: the= presence > of a =E2=80=9Cverified=E2=80=9D badge only shows that the commit is sig= ned by the > OpenPGP key *currently registered* for the corresponding GitLab/GitHub > account. It=E2=80=99s another source of lock-in and makes the hosting = platform > a trusted third-party. Worse, there=E2=80=99s no notion of authorizati= on (which > keys are authorized), let alone tracking of the history of authorizatio= n > changes. Not helpful. > > Does that clarify things? Yes, this wording clarifies the issue of badges. For what my view is worth here, I would write: badges acts as a service, as with an infrastructure as a service or platform as a service. Else LGTM. > I hope that clarifies my intention. Thanks for the clarification. > Now, if you get it done, you have my recognition *and* we can post a > followup saying: look, there=E2=80=99s now at least one standalone tool f= or you. > :-) Deal. :-) Cheers, simon