GNU bug report logs

#22883 Trustable "guix pull"


Message #168 received at 22883@debbugs.gnu.org:

From: Ludovic Courtès <ludo@gnu.org>
To: Ricardo Wurmus <rekado@elephly.net>
Subject: Re: bug#22883: Authenticating a Git checkout
References: <87io14sqoa.fsf@dustycloud.org> <87h9ep8gxk.fsf@gnu.org>
 <20160426001359.GA23088@jasmine> <874majg0z8.fsf@gnu.org>
 <87bn3iz1xc.fsf_-_@gnu.org> <87wpket748.fsf@gnu.org>
 <87bmkwm8ed.fsf@gnu.org> <87png9o8i2.fsf@elephly.net>
 <87fth4bj6y.fsf@gnu.org> <87k16go2oq.fsf@elephly.net>
Date: Sat, 28 Dec 2019 18:45:36 +0100
In-Reply-To: <87k16go2oq.fsf@elephly.net> (Ricardo Wurmus's message of "Sat,
 28 Dec 2019 17:05:57 +0100")
Message-ID: <87k16g9we7.fsf@gnu.org>
Cc: 22883@debbugs.gnu.org
Hi,

Ricardo Wurmus <rekado@elephly.net> writes:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> The caching implemented in 787766ed1e7f0806a98e696830542da528f957bb
>> makes things acceptable: the first “make authenticate” run takes a bit
>> more than two minutes to check all the commits starting from ‘v1.0.1’,
>> but subsequent runs take a few seconds.
>
> This sounds good.
>
> I wonder how we would integrate this into “guix pull”.  For
> authentication to work at all the user would have to have *all* past
> keys.  (I’m missing at least one of the keys, because only current keys
> are contained in the keyring on Savannah.)

Right.  Clearly we shouldn’t rely on key servers because it’s brittle,
keys might be missing, it requires the whole GnuPG shebang to fetch a
single key, etc.

Instead, what I have in mind is to have a branch in the same repo
containing a complete keyring of the past and current keys (say, one
file per key).  The machinery would thus start by loading the keyring
and then use it when verifying signatures.

We can generalize that to all channels: ‘.guix-channel’ could specify
(1) a keyring branch, and (2) the name of a file listing authorized
keys.

How does that sound?

Thanks,
Ludo’.
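The design sketched in the message above (a keyring branch in the same repository holding every past and current key, one file per key, and a channel description naming a file that lists the authorized keys) modelled end to end, as an added illustration. This is not code from the Guix project or from anyone in the thread. So that it runs offline with the Python standard library alone, Lamport one-time signatures stand in for OpenPGP; the branch name ‘keyring’, the file name ‘.authorized-keys’, the two keys used in the ‘.guix-channel’ stand-in, the commit and key file formats, and the rule that a commit is checked against its parent's authorizations file are all this example's own assumptions, not something the thread specifies.

```python
"""Added sketch, not Guix code: the design above modelled end to end.  A keyring
branch holds every past and current key, one file per key, and a file in each
commit lists the keys allowed to sign its child.  Standard library only:
Lamport signatures stand in for OpenPGP; every name below is made up."""
import hashlib
import json
import secrets
from collections import namedtuple

def H(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signatures (keys are reused below purely for brevity).
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]
def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]
def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]
def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))
def fingerprint(pk):
    return H(b"".join(a + b for a, b in pk)).hex()[:16]

# parent: id or None at the root; tree: {path: contents}; signer: key fingerprint.
Commit = namedtuple("Commit", "parent tree signer signature")

def payload(parent, tree):  # the bytes a commit signature covers
    return json.dumps([parent, sorted(tree.items())]).encode()
def commit_id(c):
    return H(payload(c.parent, c.tree)).hex()[:12]
def make_commit(parent, tree, sk, pk):
    return Commit(parent, tree, fingerprint(pk), sign(sk, payload(parent, tree)))

def load_keyring(branch):
    """Keyring branch: one file per key, named <fingerprint>.key."""
    bad = [p for p, pk in branch.items() if p != fingerprint(pk) + ".key"]
    if bad:  # a key file whose name does not match its content is a red flag
        raise ValueError(f"keyring: mislabelled {bad}")
    return {fingerprint(pk): pk for pk in branch.values()}

def authenticate(repo, branches, channel, introduction, target, cache):
    """Check every commit after INTRODUCTION (trusted a priori) up to TARGET.
    Rule chosen here: the signer must be in the keyring *and* listed in the
    parent's authorizations file, so a commit cannot authorize its own signer.
    CACHE holds ids verified by earlier runs; returns how many were checked."""
    keyring = load_keyring(branches[channel["keyring-branch"]])
    chain, cid = [], target
    while cid != introduction and cid not in cache:
        if cid not in repo or repo[cid].parent is None:
            raise ValueError(f"{target}: not a descendant of {introduction}")
        chain.append(repo[cid])
        cid = repo[cid].parent
    for c in reversed(chain):  # oldest first, so trust flows forward
        allowed = repo[c.parent].tree.get(channel["authorizations-file"], "")
        if c.signer not in keyring:
            raise ValueError(f"{commit_id(c)}: signer not in keyring")
        if c.signer not in allowed.split():
            raise ValueError(f"{commit_id(c)}: signer not authorized")
        if not verify(keyring[c.signer], payload(c.parent, c.tree), c.signature):
            raise ValueError(f"{commit_id(c)}: bad signature")
        cache.add(commit_id(c))
    return len(chain)

def outcome(*args):
    try:
        authenticate(*args)
        return "accepted"
    except ValueError as e:
        return str(e).split(": ", 1)[1]

def demo():
    # Constructed history: Alice bootstraps the channel, adds Bob, then retires.
    (al_sk, al_pk), (bob_sk, bob_pk) = keygen(), keygen()
    alice, bob = fingerprint(al_pk), fingerprint(bob_pk)
    channel = {"keyring-branch": "keyring", "authorizations-file": ".authorized-keys"}
    branches = {"keyring": {alice + ".key": al_pk, bob + ".key": bob_pk}}
    repo = {}
    def add(c):
        repo[commit_id(c)] = c
        return commit_id(c)
    intro = add(make_commit(None, {".authorized-keys": alice}, al_sk, al_pk))
    c1 = add(make_commit(intro, {".authorized-keys": f"{alice} {bob}"}, al_sk, al_pk))
    c2 = add(make_commit(c1, {".authorized-keys": bob}, bob_sk, bob_pk))  # Alice retires
    c3 = add(make_commit(c2, {".authorized-keys": bob, "NEWS": "v2"}, bob_sk, bob_pk))
    cache = set()
    out = {"first_run": authenticate(repo, branches, channel, intro, c3, cache),
           "second_run": authenticate(repo, branches, channel, intro, c3, cache)}
    # Without Alice's (past) key the keyring cannot vouch for c1 at all.
    out["incomplete_keyring"] = outcome(repo, {"keyring": {bob + ".key": bob_pk}},
                                        channel, intro, c3, set())
    # A past key still in the keyring but no longer authorized; c3's genuine signature reused over altered contents.
    retired = add(make_commit(c3, {".authorized-keys": bob}, al_sk, al_pk))
    tampered = add(Commit(c2, {".authorized-keys": bob, "NEWS": "evil"}, bob, repo[c3].signature))
    out["retired_key"] = outcome(repo, branches, channel, intro, retired, cache)
    out["tampered"] = outcome(repo, branches, channel, intro, tampered, cache)
    return out
```

Running demo() walks three commits on the first call and zero on the second, because the cache records what an earlier run already authenticated, which is the same effect as the caching described in the message. The three rejections show why the keyring and the authorizations list are separate things: a keyring missing a past key cannot even evaluate an old commit, a key that is present in the keyring but absent from the parent's authorizations list is refused, and a signature lifted from a genuine commit onto altered contents fails verification.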
