GNU bug report logs

#22883 Trustable "guix pull"

Message #141 received at 22883@debbugs.gnu.org:

From: Vagrant Cascadian <vagrant@debian.org>
To: Ludovic Courtès <ludo@gnu.org>
Subject: Re: bug#22883: Trustable "guix pull"
In-Reply-To: <871sab7ull.fsf@gnu.org>
References: <87io14sqoa.fsf@dustycloud.org> <87tvnemfjh.fsf@aikidev.net>
 <871sab7ull.fsf@gnu.org>
Date: Sun, 02 Sep 2018 10:15:19 -0700
Message-ID: <87zhwz6ct4.fsf@aikidev.net>
Cc: 22883@debbugs.gnu.org

On 2018-09-02, Ludovic Courtès wrote:
> Vagrant Cascadian <vagrant@debian.org> writes:
>> I really don't like having a custom GNUPGHOME, but I didn't see any
>> other obvious way to pass arguments to git to use a custom keyring. I
>> populated this GNUPGHOME with keys from:
>>
>>   https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix&download=1
>>
>> And then ran gpg --refresh-keys on it, as several keys were
>> outdated/expired.
>
> ‘gpgv’, which is recommended for this use case, has a ‘--keyring’
> argument.  I suppose we could use that.

I'm not sure how to get git to use gpgv instead of gpg, and extracting
the information out of git and then implementing some external
verification process, while possible, is likely error-prone.

A feature request to git to allow passing gpg arguments or use gpgv
would be the best way forward in the long term.


live well,
  vagrant
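
Added example (not part of the original message, and not Guix or git code): the external verification path discussed above, sketched in Python. It splits raw `git cat-file commit` output into the signed payload and the detached signature, then passes both to gpgv with an explicit --keyring; the function names, the keyring path and the sample commit are assumptions constructed for illustration.

```python
import os, subprocess, tempfile

SIG_HEADER = b"gpgsig "

def split_signed_commit(raw: bytes):
    """Split `git cat-file commit` output into (signed payload, armored signature)."""
    # Headers end at the first blank line; a "gpgsig" line in the message is ignored.
    head, sep, body = raw.partition(b"\n\n")
    kept, sig, in_sig = [], [], False
    for line in head.split(b"\n"):
        if in_sig and line.startswith(b" "):
            sig.append(line[1:])          # continuation line: drop the one-space indent
            continue
        in_sig = False
        if line.startswith(SIG_HEADER):
            if sig:
                raise ValueError("more than one gpgsig header")
            sig.append(line[len(SIG_HEADER):])
            in_sig = True
        else:
            kept.append(line)             # includes other multi-line headers, e.g. mergetag
    payload = b"\n".join(kept) + sep + body
    return payload, (b"\n".join(sig) + b"\n" if sig else None)

def verify_commit(raw: bytes, keyring: str) -> bool:
    """True only if gpgv accepts the signature using keys from `keyring` alone."""
    payload, signature = split_signed_commit(raw)
    if signature is None:
        return False                      # unsigned commits are rejected outright
    with tempfile.TemporaryDirectory() as tmp:
        sig_path, data_path = os.path.join(tmp, "sig.asc"), os.path.join(tmp, "payload")
        for path, data in ((sig_path, signature), (data_path, payload)):
            with open(path, "wb") as f:
                f.write(data)
        # keyring should be an absolute path; gpgv resolves bare names in its home dir
        proc = subprocess.run(["gpgv", "--keyring", keyring, sig_path, data_path],
                              capture_output=True)
    return proc.returncode == 0

# Constructed sample commit; the signature body is a placeholder, not a real signature.
SAMPLE = (
    b"tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
    b"author A Committer <a@example.org> 1535908519 -0700\n"
    b"committer A Committer <a@example.org> 1535908519 -0700\n"
    b"gpgsig -----BEGIN PGP SIGNATURE-----\n \n Q09OU1RSVUNURUQ=\n"
    b" -----END PGP SIGNATURE-----\n"
    b"\nUpdate foo\n\ngpgsig not-a-header\n"
)
```

In use, `raw` would come from `git cat-file commit <rev>` and `keyring` would be a file holding only the keys of the project's committers.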