* bug#30143: UX: print warning if substitute server is not authorized
@ 2018-01-17 12:17 Ricardo Wurmus
2018-01-22 7:08 ` Chris Marusich
0 siblings, 1 reply; 3+ messages in thread
From: Ricardo Wurmus @ 2018-01-17 12:17 UTC (permalink / raw)
To: 30143
Suppose I add example.com as a substitute server by passing
“--substitute-urls=https://example.com” to the daemon or the Guix
command line. I haven’t authorized the signing key, so Guix won’t
accept any of the substitutes from example.com.
Currently, Guix does not make it obvious to the user that a requested
substitute server is ignored because its key is not authorized. We
should print a clear warning in this case.
(guix scripts authenticate) already includes “validate-signature”, which
aborts with an error if the key is not authorized, but we don’t seem to
use it.
--
Ricardo
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#30143: UX: print warning if substitute server is not authorized
2018-01-17 12:17 bug#30143: UX: print warning if substitute server is not authorized Ricardo Wurmus
@ 2018-01-22 7:08 ` Chris Marusich
2018-01-23 6:50 ` Ricardo Wurmus
0 siblings, 1 reply; 3+ messages in thread
From: Chris Marusich @ 2018-01-22 7:08 UTC (permalink / raw)
To: Ricardo Wurmus; +Cc: 30143
[-- Attachment #1: Type: text/plain, Size: 939 bytes --]
Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de> writes:
> Suppose I add example.com as a substitute server by passing
> “--substitute-urls=https://example.com” to the daemon or the Guix
> command line. I haven’t authorized the signing key, so Guix won’t
> accept any of the substitutes from example.com.
>
> Currently, Guix does not make it obvious to the user that a requested
> substitute server is ignored because its key is not authorized. We
> should print a clear warning in this case.
>
> (guix scripts authenticate) already includes “validate-signature”, which
> aborts with an error if the key is not authorized, but we don’t seem to
> use it.
What if example.com serves substitutes that are signed by another
server, such as hydra.gnu.org? No matter where a substitute comes from,
if it was signed with an authorized key and its signature checks out,
then it's OK to use, right?
--
Chris
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#30143: UX: print warning if substitute server is not authorized
2018-01-22 7:08 ` Chris Marusich
@ 2018-01-23 6:50 ` Ricardo Wurmus
0 siblings, 0 replies; 3+ messages in thread
From: Ricardo Wurmus @ 2018-01-23 6:50 UTC (permalink / raw)
To: Chris Marusich; +Cc: 30143
Chris Marusich <cmmarusich@gmail.com> writes:
> Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de> writes:
>
>> Suppose I add example.com as a substitute server by passing
>> “--substitute-urls=https://example.com” to the daemon or the Guix
>> command line. I haven’t authorized the signing key, so Guix won’t
>> accept any of the substitutes from example.com.
>>
>> Currently, Guix does not make it obvious to the user that a requested
>> substitute server is ignored because its key is not authorized. We
>> should print a clear warning in this case.
>>
>> (guix scripts authenticate) already includes “validate-signature”, which
>> aborts with an error if the key is not authorized, but we don’t seem to
>> use it.
>
> What if example.com serves substitutes that are signed by another
> server, such as hydra.gnu.org? No matter where a substitute comes from,
> if it was signed with an authorized key and its signature checks out,
> then it's OK to use, right?
Correct.
--
Ricardo
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-01-23 7:01 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-17 12:17 bug#30143: UX: print warning if substitute server is not authorized Ricardo Wurmus
2018-01-22 7:08 ` Chris Marusich
2018-01-23 6:50 ` Ricardo Wurmus
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.