From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id aCxRAScu9mXjCQEA62LTzQ:P1 (envelope-from ) for ; Sun, 17 Mar 2024 00:41:27 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id aCxRAScu9mXjCQEA62LTzQ (envelope-from ) for ; Sun, 17 Mar 2024 00:41:27 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b=IC8CqPy5; dmarc=pass (policy=quarantine) header.from=protonmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1710632486; a=rsa-sha256; cv=none; b=lFvFr9qJQ+SyxvNcHUy75tHyWsyYEYolOzw+jBaLwBGDlgApdU90rDS16DrNgIJZLtNeGB XzjeylXTEmys1Zp0mqKfOLjfTXZPdYCafwETln8QQvK6G/YD4/oSaGA5BxGu2GzI4XVNj+ LixGCX/LJbqGQ3xtVHIahCBzSNsFG8SaxAsnx8/drwcIWsMm1CMH3yC0sQJpWODbqvrfV1 4Fee752LGRBAB9nICTAAJ43OQQfoZHq8YEIAR1SVJ7Xck0tICe6Itlm2oDhRJQ2oZVCXth GeI7o10CWPBeE55xBDMwHaXrW//6aB4K2WPAeH5JHRALksGrqlR29mZ7IBK8bw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b=IC8CqPy5; dmarc=pass (policy=quarantine) header.from=protonmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1710632486; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=XDRBB4Ux7Muel5yLGPhbUpeSVgCJd3f3L45BOhYtI9w=; b=CWrdIqO2za8+pdzyQWmz54mKcTTZ4Ne1ORkwv/330l62NEaXLHMy2N+mFclkSQiky9Z68Q 9MoGjHZHuugFCBaj4w5/cz9Gl2nRTWLoJG7ltSMySyMYjqzQL6C/Treg/BRDJQdGphgQbQ /dWKjdmx6FkykgibmEdxcElY4kdW1vBNSu+5e4kpAjCUjMJix4eukQEpX6utvU0IT6oy9Z sKMBiq9XL6UGUEn/uTtDkP9y/2/TsEvVqV0VhoOIySYNWdOH6JxWpJJUtPFCxNtfUPNOru 4ihPMt09PGYqmhmFMRzxeKIeiBRjje159VJ2O7z2XGXY1hnF6q6Va/8Bs2vmnA== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D730E7E1FB for ; Sun, 17 Mar 2024 00:41:26 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rlde0-0004qr-LR; Sat, 16 Mar 2024 19:40:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rlddr-0004pH-3J for guix-devel@gnu.org; Sat, 16 Mar 2024 19:40:44 -0400 Received: from mail-4322.protonmail.ch ([185.70.43.22]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rlddo-0005tj-7F for guix-devel@gnu.org; Sat, 16 Mar 2024 19:40:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1710632437; x=1710891637; bh=XDRBB4Ux7Muel5yLGPhbUpeSVgCJd3f3L45BOhYtI9w=; h=Date:To:From:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=IC8CqPy59WPJ5u7BV+KDNAWEPIzMYC8bjzAu6Ai07+vwLX2eZoohx72rMaHK20R1m 4WNEfErbhHoxmFMZO78caSHP4jczPQgeMquJGLQSfU0hTBs0RT8PDZ1Tk23yC0jmfr f96kSAN5532X/XrFNWOacbmJCd/mHJPToxs1b9tWacgLqyZuhwwTdbg2o3Ai45ZO6p ainn4EwRWw6A8ZWT2nPHbFvWwETz/cewr2/Nj/nIR9zAZbeqfZ3y18ebGakQ3npubx p6LLXzGtLu+xURqTSvQpeC4DGNGlgX/cEwYX0ai74nw59YAK9KThOyVpuqc2R66HvH fNSS6+mJs7Ofg== Date: Sat, 16 Mar 2024 23:40:13 +0000 To: Guix Devel From: Ryan Prior Subject: Fw: Re: Concerns/questions around Software Heritage Archive Message-ID: In-Reply-To: References: <87il1mupco.fsf@meson> <87cyruqcfe.fsf@cbaines.net> Feedback-ID: 7396961:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=185.70.43.22; envelope-from=rprior@protonmail.com; helo=mail-4322.protonmail.ch X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Scanner: mx10.migadu.com X-Migadu-Spam-Score: -9.65 X-Spam-Score: -9.65 X-Migadu-Queue-Id: D730E7E1FB X-TUID: FkxKXLjLIZMz [I intended to CC the following to guix-devel but forgot:] ------- Forwarded Message ------- From: Ryan Prior Date: On Saturday, March 16th, 2024 at 6:36 PM Subject: Re: Concerns/questions around Software Heritage Archive To: Vivien Kraus >=20 >=20 > On Saturday, March 16th, 2024 at 6:13 PM, Vivien Kraus vivien@planete-kra= us.eu wrote: >=20 > > 2. is more difficult, because Guix contributors sometimes change their > > names too, and a commit reading =E2=80=9Cupdate my name=E2=80=9D is not= the best > > solution. If I understand correctly, rewriting the history would be > > understood as a =E2=80=9Cdowngrade attack=E2=80=9D, contrary to the ftf= y case where the > > developer could rewrite the history without such consequences. Is my > > understanding correct? >=20 >=20 > It's only a problem IMO because we make the decision to treat Guix as an = append-only series of commits and treat any other outcome as a potential at= tack. One alternate solution would be to allow provision of an authenticate= d alternate-history data structure, which indicates a set of (old commit ha= sh, new commit hash) tuples going back to the first rewritten commit in the= history, and the whole thing would be signed by a Guix committer. That way= , the updating Guix client can rewind history, apply the new commit(s), ver= ify that the old chain and new chain match what's provided in the alternate= -history structure & that its signature is valid. Thus verified, the Guix i= nstallation could continue without needing to allow a downgrade exception. >=20 > Perhaps there are much better ways of handling this, but I propose it in = hopes of clarifying that there are technical solutions which preserve integ= rity while permitting history rewrites in situations where it is desirable. >=20 > I have requested previously that some commits I've provided be rewritten = to update my name. In my case, it's because I've sometimes misconfigured my= email software such that some commits by me are signed just "ryan" or "Rya= n Prior via Protonmail" or similar, rather than my preference which is "Rya= n Prior". >=20 > In my case this causes me no harm and is simply an annoyance, so when I e= ncountered resistance to rewriting the offending commits, I dropped the mat= ter, and I still consider it dropped and settled. Even if we developed the = capability to securely present a rewritten history, I wouldn't demand that = such be used to address small concerns like mine. >=20 > However, I know we have at least two trans Guix contributors. Do they hav= e any commits with their deadnames on them? Not that this is an invitation = to go look; they can tell us if this is a concern worth raising. I include = the detail to clarify that this is not a distant concern. Perhaps they have= been silent thus far for the same reason that I have, because the policy a= gainst rewrites presents too high a barrier? (Or it may not bother them, or= maybe they used their initials which are the same etc?) In any case I thin= k it would be courteous to develop a procedure by which we could remove dea= dnames from old commits, or otherwise remove harmful information from Guix'= s development history, should this become a necessity. >=20 > Ryan