GNU bug report logs - #42048
[PATCH 0/6] Authenticated channels for everyone!


Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Thu, 25 Jun 2020 21:05:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Message #35 received at 42048 <at> debbugs.gnu.org:

From: Ricardo Wurmus <rekado <at> elephly.net>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 42048 <at> debbugs.gnu.org
Subject: Re: [bug#42048] [PATCH 3/6] channels: Remove 'signature' from
 <channel-introduction>.
Date: Tue, 30 Jun 2020 16:35:14 +0200

Ludovic Courtès <ludo <at> gnu.org> writes:

> In the end signing the commit/key pair does not buy us much.  Someone
> publishing a valid but different commit/key pair would effectively be
> publishing a different channel, which could be a fork (made by a former
> authorized developer) or simply a mirror.  In the latter case, there's
> nothing to be gained by publishing a different commit/key pair.
>
> * guix/channels.scm (<channel-introduction>)[signature]: Remove.
> (make-channel-introduction): Adjust accordingly.
> ---
[…]
>  (define (make-channel-introduction commit signer)
>    "Return a new channel introduction: COMMIT is the introductory where
>  authentication starts, and SIGNER is the OpenPGP fingerprint (a bytevector) of
>  the signer of that commit."
> -  (%make-channel-introduction commit signer #f))
> +  (%make-channel-introduction commit signer))
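
Review bot: the docstring kept as context in this hunk reads "COMMIT is the introductory where authentication starts", which is missing its noun after "introductory" (presumably "commit"); since the change touches this procedure, it is a natural place to fix the wording. With the trailing #f gone, the body only forwards COMMIT and SIGNER unchanged to %make-channel-introduction, so the wrapper's one remaining job is to carry that docstring; if it is kept for that reason, a short comment saying so would explain why both names exist.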

Do we still need this procedure at all?  Looks like
%make-channel-introduction could simply be renamed to make-channel-introduction.

-- 
Ricardo




This bug report was last modified 4 years and 320 days ago.
