GNU bug report logs - #30143
UX: print warning if substitute server is not authorized

Previous Next

Package: guix;

Reported by: Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de>

Date: Wed, 17 Jan 2018 12:18:01 UTC

Severity: normal

Full log

View this message in rfc822 format

From: Chris Marusich <cmmarusich <at> gmail.com>
To: Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de>
Cc: 30143 <at> debbugs.gnu.org
Subject: bug#30143: UX: print warning if substitute server is not authorized
Date: Sun, 21 Jan 2018 23:08:39 -0800

[Message part 1 (text/plain, inline)]
Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de> writes:

> Suppose I add example.com as a substitute server by passing
> “--substitute-urls=https://example.com” to the daemon or the Guix
> command line.  I haven’t authorized the signing key, so Guix won’t
> accept any of the substitutes from example.com.
>
> Currently, Guix does not make it obvious to the user that a requested
> substitute server is ignored because its key is not authorized.  We
> should print a clear warning in this case.
>
> (guix scripts authenticate) already includes “validate-signature”, which
> aborts with an error if the key is not authorized, but we don’t seem to
> use it.

What if example.com serves substitutes that are signed by another
server, such as hydra.gnu.org?  No matter where a substitute comes from,
if it was signed with an authorized key and its signature checks out,
then it's OK to use, right?

-- 
Chris

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 186 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.