unofficial mirror of guix-science@gnu.org 
From: Konrad Hinsen <konrad.hinsen@fastmail.net>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-science@gnu.org
Subject: Re: Help! I messed up guix-past
Date: Mon, 12 Sep 2022 08:16:32 +0200
Message-ID: <m14jxd6rsv.fsf@fastmail.net>
In-Reply-To: <87h71eypfo.fsf@gnu.org>

Hi Ludo,

> I remember there were issues along these lines at the time GnuPG 2.2 (?)
> was released and the previous major version was still around, but that
> was quite some time ago.
>
> I don’t have the solution off the top of my head, but there ought to be
> one; maybe having PATH consistently prefer either Guix’s profile or
> Ubuntu would help?

In my case, $PATH has my Guix profile first, and I always run the gpg
from my Guix profile. But it picks up the gpg-agent from Ubuntu, which
lives at /usr/bin/gpg-agent.

> Maybe we’ll improvise a GPG debugging session in Paris next week, who
> knows?  ;-)

It may well be possible to fix this issue (for example, patch gnupg such
that it launches the agent via the full path to the store), but for me
there is also a loss-of-confidence issue. If a messed-up software
installation grants password-less access to my keys, then my keys
effectively have no password protection any more. Attackers only need to
install two different gpg versions to have access to my keys. That's why
I want to get rid of gpg, rather than fix it superficially.

Cheers,
  Konrad

