From: zimoun <zimon.toutoune@gmail.com>
To: "Ludovic Courtès" <ludovic.courtes@inria.fr>,
"Konrad Hinsen" <konrad.hinsen@fastmail.net>
Cc: guix-science@gnu.org
Subject: Re: Help! I messed up guix-past
Date: Sat, 10 Sep 2022 12:40:51 +0200 [thread overview]
Message-ID: <86v8pv5x70.fsf@gmail.com> (raw)
In-Reply-To: <87y1ur34np.fsf@gnu.org>
Hi,
On Sat, 10 Sep 2022 at 12:27, Ludovic Courtès <ludovic.courtes@inria.fr> wrote:
> Yes, in this particular case, it is the only way forward.
As shown in another message, there is just a warning about stalling.
However, no error and the packages are available.
Therefore, I do not understand the authentication mechanism. Because I
was expecting to have an error and that pull forces me to run
--disable-authentication.
> That said, I think authenticating source code is important. Starting
> from a few months ago, Git supports other means to do that, but they’re
> not widespread and not all that attractive. With all its warts, OpenPGP
> is what we have to do that.
All code are not equal. Most of the packages in guix-past are very old
packages and I bet they contain many security holes. So I am happy to
know that I fetch authenticated security holes. ;-)
> It would be sad to fork the repo for this reason; maybe we can discuss
> ways to make it practical for you, such as creating a single-purpose key
> that you wouldn’t have to worry much about?
From my point of view, authentication of guix-past adds more burden than
it solves concrete issues of real problem.
I suggest to just drop the authentication for this channel.
Cheers,
simon
next prev parent reply other threads:[~2022-09-10 10:41 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-09 15:16 Help! I messed up guix-past Konrad Hinsen
2022-09-09 15:36 ` Ricardo Wurmus
2022-09-09 15:46 ` zimoun
2022-09-09 16:10 ` Konrad Hinsen
2022-09-09 17:39 ` zimoun
2022-09-10 7:39 ` Konrad Hinsen
2022-09-10 9:47 ` zimoun
2022-09-10 16:20 ` Konrad Hinsen
2022-09-11 14:07 ` Ludovic Courtès
2022-09-11 15:19 ` Efraim Flashner
2022-09-12 6:16 ` Konrad Hinsen
2022-09-12 15:26 ` Ludovic Courtès
2022-09-13 8:58 ` Konrad Hinsen
2022-09-13 9:23 ` Ricardo Wurmus
2022-09-14 9:31 ` Konrad Hinsen
2022-09-10 10:27 ` Ludovic Courtès
2022-09-10 10:40 ` zimoun [this message]
2022-09-10 14:39 ` Ricardo Wurmus
2022-09-12 16:00 ` zimoun
2022-09-09 16:16 ` Julien Lepiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86v8pv5x70.fsf@gmail.com \
--to=zimon.toutoune@gmail.com \
--cc=guix-science@gnu.org \
--cc=konrad.hinsen@fastmail.net \
--cc=ludovic.courtes@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).