From: Ludovic Courtès
To: 41767@debbugs.gnu.org
Cc: 22883@debbugs.gnu.org
Subject: [bug#41767] [PATCH 0/9] Authenticate channels
Date: Tue, 09 Jun 2020 09:15:35 +0200
Message-ID: <87y2owogko.fsf@gnu.org>
In-Reply-To: <20200608215224.2672-1-ludo@gnu.org>

Ludovic Courtès wrote:

> This patch series does it!  It integrates checkout authentication
> with (guix channels).  Now, ‘guix pull’, ‘guix time-machine’ etc.
> automatically authenticate the commits they fetch and raise an
> error if they find an unsigned commit or a commit signed by an
> unauthorized party¹.

[...]

> ¹ https://issues.guix.gnu.org/issue/22883#64

Something we didn’t discuss is that this model forbids a merge-request
kind of workflow, or at least the person who merges must sign the
commits, rewriting the merged branch.

I think it’s a reasonable tradeoff in this space, but it’s worth keeping
in mind.

Ludo’.
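
The trade-off described in this message, as an added example that is not part of the original e-mail or of Guix's code: a simplified model of "every fetched commit must be signed by an authorized party", run over a merge-request history and over the same branch rewritten and re-signed by the merger. `Commit`, `authenticate`, `rewrite_signed` and the names alice and carol are hypothetical, and signatures are modelled as plain signer names rather than verified OpenPGP signatures.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified model (assumption): a commit is an id, a signer name and parent
# ids. Real checkouts carry OpenPGP signatures; no cryptography is done here.
@dataclass(frozen=True)
class Commit:
    id: str
    signer: Optional[str]          # None means the commit is unsigned
    parents: tuple = ()

def authenticate(tip, commits, authorized, trusted):
    """Return [(commit id, reason)] for every commit between `trusted`
    (already authenticated) and `tip` that the policy rejects."""
    rejected, seen, stack = [], set(trusted), [tip]
    while stack:
        cid = stack.pop()
        if cid in seen:
            continue
        seen.add(cid)
        commit = commits[cid]
        if commit.signer is None:
            rejected.append((cid, "unsigned"))
        elif commit.signer not in authorized:
            rejected.append((cid, "unauthorized signer"))
        stack.extend(commit.parents)   # a merge exposes both parent lines
    return sorted(rejected)

def rewrite_signed(branch, onto, committer):
    """Replay `branch` (oldest first) on `onto`, each commit re-signed by
    `committer`. Ids change because the signature is part of the commit."""
    out, parent = [], onto
    for c in branch:
        new = Commit(c.id + "'", committer, (parent,))
        out.append(new)
        parent = new.id
    return out

# Constructed sample history: alice is authorized, carol is a contributor.
AUTHORIZED = {"alice"}
base = Commit("a0", "alice")
contrib = [Commit("c1", None, ("a0",)), Commit("c2", "carol", ("c1",))]
merge = Commit("m1", "alice", ("a0", "c2"))     # merge signed by alice

def check(tip, extra):
    commits = {c.id: c for c in [base, *extra]}
    return authenticate(tip, commits, AUTHORIZED, trusted={"a0"})

merged = check("m1", contrib + [merge])
rewritten = check("c2'", rewrite_signed(contrib, "a0", "alice"))
print("merge request as-is:", merged)
print("re-signed by merger:", rewritten)
```

A signed merge commit does not help here, because the contributor's own commits stay reachable through the merge's second parent and are checked like any other commit.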