From mboxrd@z Thu Jan  1 00:00:00 1970
From: Nikita Karetnikov <nikita@karetnikov.org>
Subject: Re: Signed archives
Date: Thu, 20 Feb 2014 13:54:27 +0400
Message-ID: <87ppmigld8.fsf@karetnikov.org>
References: <87txcqesqv.fsf@karetnikov.org> <87eh3ure1r.fsf@gnu.org>
	<87bnyyiv2u.fsf_-_@karetnikov.org> <87ha8qo7rl.fsf@gnu.org>
	<8761p5jv1g.fsf@karetnikov.org> <87r47tfmes.fsf@gnu.org>
	<8738k0pj8c.fsf@karetnikov.org> <874n4fnhs7.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha1; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39577)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <nikita@karetnikov.org>) id 1WGQEb-0007Qa-No
	for guix-devel@gnu.org; Thu, 20 Feb 2014 04:48:02 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <nikita@karetnikov.org>) id 1WGQEb-0001vU-08
	for guix-devel@gnu.org; Thu, 20 Feb 2014 04:48:01 -0500
In-Reply-To: <874n4fnhs7.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?=
	=?utf-8?Q?s?= message of "Tue, 04 Feb 2014 14:12:24 +0100")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

More questions:

1. Will hydra.gnu.org serve only signed .narinfo files?

2. If not, how can one opt out of verifying while using =E2=80=98guix
   substitute-binary=E2=80=99?  Should we add an option to =E2=80=98guix pa=
ckage=E2=80=99 and
   =E2=80=98guix build=E2=80=99?

3. How does a user get Hydra=E2=80=99s public key?

4. Will the entire cache be signed with a single key?  (Mark, would you
   like to add something?)

5. When do we want to verify the .narinfo file?  Can it be done in
   =E2=80=98read-narinfo=E2=80=99?  Similarly, should we sign and base64-en=
code in
   =E2=80=98write-narinfo=E2=80=99?

6. Where should =E2=80=98guix substitute-binary=E2=80=99 look for a keypair?

7. How do we determine that a file is signed with a trusted key?  What
   if we don=E2=80=99t have the needed public key?  Does it mean we miss the
   right one, or is it a MITM attack?

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJTBdDWAAoJEM+IQzI9IQ38JgsQAJYrbhYMkAMooSPecZSGkqNG
hPtriovxjSRAsS9VxfONd5YqFe8Im7XvYxeFGZV0Np8WP1OTD+oiy2100oTg14ku
k8G4MY5uQFs1uEBsAekFlyyQ4xQJSewB2IiFi7DM/zEJoXUoyNodH2QXa4ZaLVAY
YGUK8CjYDYM8Ad7ggswZfwybjOraJrhf08MnFgimaw+o7krwTTjmDaapwIP3ZtxD
4SbG4F7IdHLZQhkBp34NxNW+faD0SzpSEg+/QW6BttXrL2MvKWevpMkI56XU0XlR
tTXXFoTnRgjXqIwsG7Ye/QpUKSTfYBM+oHAe2AkLDR1ZkQHb9revY63vGi6a7x8G
vTIJ2him4rRhiFGHqD7XRjZXDmiNhTC1ap+K0gmyAEOa0gAwXBp1RakL59S/ANZg
VUy13HxGbtJ+TbTi6da6zmwoCl5s1E/dGPKUZL1LFaxTIfvYd4QU14FQ/+yG6Yq2
8xDVCwgaiszWh84Hacr6q/XSdET6bHrqNdsAr4Vcq48jYfTigC2GJq0BrpBp4FU2
e3+7UbUb7/rIzwl3TQ0jxH8LGTNnWhE6XEWFyDsCD6yR/zKMt0pgVTV3p2xpVeNZ
DZMOcNDNXAM3/wrrJMCzDpWct8nP2euZr6kbptMDiRpmbVJ3j4a/TT9PPrZrOkj4
GyPVjuEtpxN2bgwGR3+e
=ZcIb
-----END PGP SIGNATURE-----
--=-=-=--