GNU bug report logs -
#42048
[PATCH 0/6] Authenticated channels for everyone!
Previous Next
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Thu, 25 Jun 2020 21:05:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Hi,
Ricardo Wurmus <rekado <at> elephly.net> skribis:
> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> In the end signing the commit/key pair does not buy us much. Someone
>> publishing a valid but different commit/key pair would effectively be
>> publishing a different channel, which could be a fork (made by a former
>> authorized developer) or simply a mirror. In the latter case, there's
>> nothing to be gained by publishing a different commit/key pair.
>>
>> * guix/channels.scm (<channel-introduction>)[signature]: Remove.
>> (make-channel-introduction): Adjust accordingly.
>> ---
> […]
>> (define (make-channel-introduction commit signer)
>> "Return a new channel introduction: COMMIT is the introductory where
>> authentication starts, and SIGNER is the OpenPGP fingerprint (a bytevector) of
>> the signer of that commit."
>> - (%make-channel-introduction commit signer #f))
>> + (%make-channel-introduction commit signer))
>
> Do we still need this procedure at all? Looks like
> %make-channel-introduction could simply be renamed to make-channel-introduction.
‘%make-channel-introduction’ is actually a macro, which is thus inlined.
Exporting a procedure makes it easier to preserve ABI compatibility and
allow for future extensions (keyword parameters, for instance).
Ludo’.
This bug report was last modified 4 years and 320 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.