From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id rl47N5y21mJOdQEAbAwnHQ (envelope-from ) for ; Tue, 19 Jul 2022 15:50:21 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id AMjoNZy21mIC+QAAG6o9tA (envelope-from ) for ; Tue, 19 Jul 2022 15:50:20 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 000A52995D for ; Tue, 19 Jul 2022 15:47:22 +0200 (CEST) Received: from localhost ([::1]:45052 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oDnZH-0004qP-NS for larch@yhetil.org; Tue, 19 Jul 2022 09:47:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:46884) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oDnXw-0004hn-Qe for guix-devel@gnu.org; Tue, 19 Jul 2022 09:46:00 -0400 Received: from michel.telenet-ops.be ([2a02:1800:110:4::f00:18]:39234) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oDnXs-0001PU-Vn for guix-devel@gnu.org; Tue, 19 Jul 2022 09:45:56 -0400 Received: from ptr-bvsjgyig5nh0salm0pi.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by michel.telenet-ops.be with bizsmtp id x1lm2700620ykKC061lmLu; Tue, 19 Jul 2022 15:45:47 +0200 Message-ID: <1911290d86b2521e4c817f23f401a5acd851fe53.camel@telenet.be> Subject: Re: =?UTF-8?Q?=E2=80=9CBuilding?= a Secure Software Supply Chain with =?UTF-8?Q?GNU=C2=A0Guix=E2=80=9D?= From: Maxime Devos To: Arun Isaac , Ludovic =?ISO-8859-1?Q?Court=E8s?= , guix-devel , guix-science@gnu.org Date: Tue, 19 Jul 2022 15:45:46 +0200 In-Reply-To: <87bktlin3p.fsf@systemreboot.net> References: <87zghu5jex.fsf@inria.fr> <87bktlin3p.fsf@systemreboot.net> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1658238347; bh=EeCT5AKPYkU2Fju6g0tOAuCaBLNu/2HwiYUTU5LfmAE=; h=Subject:From:To:Date:In-Reply-To:References; b=LAGmpCpZYoWrwrSsDntf+Ub54SMHLUdcFMuNcx7OAqxXhVE1cDN4mMKYu3O74lozi HWm8zOkul1kUL7j2hNOwVUoWqcxJjycdvMBafFMhkab92wa3zmywq10sYC08fxZfZV qK3zbZKvGH6Hr7TnJ3OPfuxKSBw64d85UPEsRz8IscXpMQHih3QWZv+C2a9bs73vQ6 OpQQdZXeseuMAXuPIMuYNVxmVe6aTLotyuvtsjeZZ/oPByaMR5ml/A2g7QrcROhE+W a4A+qohw5HXfpUUso2glTixocq92FIqJRVFHgcE8ZWYxSOgOivZOmAqVC5boSqgmf9 f1ruGYf5vlIqA== Received-SPF: pass client-ip=2a02:1800:110:4::f00:18; envelope-from=maximedevos@telenet.be; helo=michel.telenet-ops.be X-Spam_score_int: -7 X-Spam_score: -0.8 X-Spam_bar: / X-Spam_report: (-0.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, PDS_SHORTFWD_URISHRT_FP=0.001, RCVD_IN_DNSWL_LOW=-0.7, SHORT_SHORTNER=1.997, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1658238443; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=EeCT5AKPYkU2Fju6g0tOAuCaBLNu/2HwiYUTU5LfmAE=; b=Pn11kUk/PLxuz3v5dfIAPQn6NBBokXrEGYGC5eEstv00In5uYI95n0PXjJnG9QuA0rKL6w avoS8+cekrdMaTsdOhzd4RmK1wXf7QZVCs51XmJzDO1BI5nEEPkBJpyTcheuyaXWY6Ab43 PTLphTUdPzXGlOdb496hXOZ0GIRL7pRKZhAG0GKC6d+gYnxqpxVB5/4Tajofeu8eWrq1/i xy76W+NDSD7pN/2f9kTWzYAK2+jS9VgthnE0M+Ke/fgY8WLD2eLoqr3cbHYJEhxBBCmnt0 sv6wlnFQu3+2G50EH+bSJaghXct2nEL6LimoX8DJTXYLUSFOEsmpUYsiX6uizg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1658238443; a=rsa-sha256; cv=none; b=T6yR9Ka0gKHxmzThorRG6H+7AIxY95ln2j5rSUyLRcfMMMnO7r5GWYQUGLZzQoaHTZhLrQ 6UqKjOa/pkTCUsYs3zl5wHKI7x5yir3LW+KpXpFNuvTDhteUxnywfGYruz0fBkdF9qHl8r QxoChCuzvwYAWIIjAC2qNR4C3XV2JQ2F83ZkWlLtNg4dC3Pvtnr1RE9xFvdTFIuGXigJ0J Pr7JtYq8iJhaV1rENPPlYxqNwiMbFdP6cp4OrhzfwM1TiwxNG109gDPemfdF/0UYjXdT3V wpl+T2nZ5xS7WgUTBSBUPHCoUdhboXuwql6JwbUBYXRthtrtzeX7u/3ewhzvoQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r22 header.b=LAGmpCpZ; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -7.53 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r22 header.b=LAGmpCpZ; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 000A52995D X-Spam-Score: -7.53 X-Migadu-Scanner: scn0.migadu.com X-TUID: Ya99Cu1ecqG1 Arun Isaac schreef op di 19-07-2022 om 12:51 [+0530]: > > Hi Ludo, > > >    https://doi.org/10.22152/programming-journal.org/2023/7/1 > > This is an excellent read! Are there plans to release this git > authentication system as a separate tool so that other non-Guix > projects may use it easily? FWIW I have been using "guix git authenticate" + .guix-authorizations in the Git repo of Scheme-GNUnet for letting users verify whether they got an 'authentic' copy. Greetings, Maxime.