On Wed, Aug 16, 2023 at 10:32:23PM +0200, Ludovic Courtès wrote:
> Hello,
>
> Efraim Flashner wrote:
>
> > * gnu/home/services/gnupg.scm (home-parcimonie-service-type,
> > home-parcimonie-configuration): New variables.
> > * doc/guix.texi (GNU Privacy Guard): Document it.
>
> Very nice!
>
> > +The @code{parcimonie} service runs a daemon that slowly refreshes a GnuPG
> > +public key from a keyserver. Its refreshes one key at a time; between every
>                                  ^
> “It”
>
> > +key update parcimonie sleeps a random amount of time, long enough for the
> > +previously used Tor circuit to expire. This process is meant to make it hard
> > +for an attacker to correlate the multiple performed key update operations.
>
> Maybe: “to correlate the multiple key updates.”
>
> > +As an example, here is how you would configure @code{parcimonie} to refresh the
> > +keys in your GnuPG keyring, as well as those keyrings created by Guix, such as
> > +when running @code{guix import}:
> > +
> > +@lisp
> > +(service home-parcimonie-service-type
> > + (home-parcimonie-configuration
> > + (refresh-guix-keyrings? #t)))
> > +@end lisp
>
> Maybe add: “This assumes that the Tor anonymous routing daemon is
> already running on your system. On Guix System, this can be achieved by
> setting up @code{tor-service-type} (@pxref{Networking Services,
> @code{tor-service-type}}).”
>
> Apart from these minor nits, LGTM!
>
> Thanks,
> Ludo’.

Thanks. I was able to test it overnight and everything looks good. Patch pushed finally!

-- 
Efraim Flashner רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
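
Review bot: The quoted doc/guix.texi text ties the unlinkability of key refreshes to Tor ("long enough for the previously used Tor circuit to expire") but never says what the service does when Tor is not reachable. The documentation should state whether a refresh then fails or is sent over a direct connection, since a direct fallback would let a keyserver or network observer correlate the updates the paragraph says are hard to correlate. Two smaller points in the same hunk: the opening sentence says the daemon refreshes "a GnuPG public key" while the example refreshes all keys in the keyring plus the Guix-created keyrings, so "refreshes the public keys in your GnuPG keyring" would match; and refresh-guix-keyrings? appears only in the example set to #t, so its default value and the keyrings it covers should be documented next to it.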