GNU bug report logs

#28659 Content-addressed mirror is not used upon invalid hash

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #96 received at 28659@debbugs.gnu.org (full text, mbox, reply):

Received: (at 28659) by debbugs.gnu.org; 17 Feb 2020 14:40:23 +0000
From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 17 09:40:23 2020
Received: from localhost ([127.0.0.1]:38203 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1j3hZP-0003oB-1D
	for submit@debbugs.gnu.org; Mon, 17 Feb 2020 09:40:23 -0500
Received: from eggs.gnu.org ([209.51.188.92]:49709)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>)
 id 1j3hZN-0003nt-Rp; Mon, 17 Feb 2020 09:40:22 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:53156)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1j3hZI-0004Wz-MZ; Mon, 17 Feb 2020 09:40:16 -0500
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=48612 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1j3hZH-0005kE-GE; Mon, 17 Feb 2020 09:40:16 -0500
From: Ludovic Courtès <ludo@gnu.org>
To: zimoun <zimon.toutoune@gmail.com>
Subject: Re: bug#39575: guix time-machine fails when a tarball was modified
 in-place
References: <87y2t7j54n.fsf@gnu.org> <87eeuy2mua.fsf@gnu.org>
 <87pnehe0zk.fsf@gnu.org> <878sl47t0q.fsf@gnu.org>
 <CAJ3okZ0-zPcs+pC4tQEymD-On-aN_-hgKRkRzBJzusdbtdYdAg@mail.gmail.com>
 <87k14m3iiy.fsf@gnu.org>
 <CAJ3okZ08ibXTBqsZMwnuEVdhpyXgHVp6+rNGXB02gsHVqwu53A@mail.gmail.com>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 29 Pluviôse an 228 de la
 Révolution
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 17 Feb 2020 15:40:13 +0100
In-Reply-To: <CAJ3okZ08ibXTBqsZMwnuEVdhpyXgHVp6+rNGXB02gsHVqwu53A@mail.gmail.com>
 (zimoun's message of "Mon, 17 Feb 2020 11:18:22 +0100")
Message-ID: <87pned6zw2.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 28659
Cc: 39575@debbugs.gnu.org, 28659@debbugs.gnu.org,
 Jan Nieuwenhuizen <janneke@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

Hi,

zimoun <zimon.toutoune@gmail.com> skribis:

> On Sun, 16 Feb 2020 at 11:59, Ludovic Courtès <ludo@gnu.org> wrote:
>> zimoun <zimon.toutoune@gmail.com> skribis:
>> > On Fri, 14 Feb 2020 at 22:34, Ludovic Courtès <ludo@gnu.org> wrote:
>
>> >> Also, one could argue that we’d steer users towards downloading from our
>> >> server, which could be a privacy concern (probably not a strong argument
>> >> since one can easily change the substitute URLs.)
>> >
>> > I am not following the privacy concern.
>> > What do you mean?
>>
>> I mean that by default, someone who’s disabled substitutes (presumably
>> out of security or privacy concerns) would find themself downloading
>> source code from ci.guix.gnu.org instead of various upstream sites.

[...]

> By privacy concern, do you mean that Guix could collect who downloads
> what; in a central fashion? Which is not the case when one downloads
> from several distributed upstream sources. Right?

Exactly.  But like I wrote above, I don’t think it’s a strong argument.

What remains is the issue with ‘content-addressed-item?’, then.

Ludo’.

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Mon Sep 8 01:24:31 2025; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.