GNU bug report logs -
#42048
[PATCH 0/6] Authenticated channels for everyone!
Previous Next
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Thu, 25 Jun 2020 21:05:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
Message #50 received at 42048 <at> debbugs.gnu.org (full text, mbox):
Hi Ludo,
On Thu, 25 Jun 2020 at 23:04, Ludovic Courtès <ludo <at> gnu.org> wrote:
> The most visible effect is that channel introductions are now
> part of the API and shown by ‘guix describe’. It becomes a long-term
> commitment because we want to be able to pass the output of
> ‘guix describe -C channels’ or /run/current-system/channels.scm
> to ‘guix pull’ and ‘guix time-machine’ in the future.
How could I test this machinery with "guix time-machine"?
> Contrary to what I initially proposed¹, channel introductions are
> stripped to the bare minimum: a commit/fingerprint pair (as is
> currently the case on master, internally). I figured it doesn’t
> buy us much to have the commit/fingerprint pair signed; what
> matters is that users obtain the introduction from a trusted
> source, and the signature wouldn’t help with that. I also got
> rid of the idea of rendering introductions are opaque base64 blobs.
What happens when traveling in time if the key used by the signature has
been compromised?
Today, everything is fine, I sign and I do in introduction. Couple of
months (or even years) later, my key will be compromised and so I will
revoke it. What happens if I do "guix time-machine -C"?
Well, the question even applies to %default-channel? Maybe you already
answered and I missed it.
Cheers,
simon
This bug report was last modified 4 years and 321 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.