GNU bug report logs - #42048
[PATCH 0/6] Authenticated channels for everyone!

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Thu, 25 Jun 2020 21:05:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #62 received at 42048 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Ricardo Wurmus <rekado <at> elephly.net>, 42048 <at> debbugs.gnu.org
Subject: Re: [bug#42048] [PATCH 6/6] services: provenance: Save channel
 introductions.
Date: Wed, 01 Jul 2020 14:49:11 +0200

On Wed, 01 Jul 2020 at 14:12, Ludovic Courtès <ludo <at> gnu.org> wrote:

> Oh I’m sorry, I think I misunderstood your question back then!

My poor English does not help either. :-)

>>> With this patch set, someone pulling guix-bimsb would just end up
>>> pulling guix-past unauthenticated; there’s not even a warning.
>>>
>>> (There’s currently a warning in (guix channels), but only when pulling
>>> an unauthenticated 'guix channel.  It’s perhaps too early to have that
>>> warning enabled for all channels.  WDYT?)
>>
>> Enable the warning appears to me a good idea because this dependency is
>> like "doing something I am not necessary aware in my back".
>
> I’m talking about the warning that says “this channel is
> unauthenticated”, which is mostly orthogonal to the discussion at hand.
> The reason I said it’s perhaps too early to enable it is that people
> haven’t had a chance to make their channel “authenticable” yet.

Well, the possible scenarii are: when pulling guix-bimsb which ends up
to pull guix-past:

 1- unauthenticated guix-bimsb and unauthenticated guix-past
 2- authenticated guix-bimsb and unauthenticated guix-past
 3- unauthenticated guix-bimsb and authenticated guix-past
 4- authenticated guix-bimsb and authenticated guix-past

The #1 and #4 do not deserve a warning.
The point #3 neither and even the authentication of guix-past should be
turned off, at least now.

The point #2 requires a warning.  Because if I am pulling a
authenticated channel, I expect that all the code it pulls is
authenticated which will not be the case, so IMHO it deserves a
warning.

Then it is up to the guix-bimsb channel to add an introduction for the
dependency using the format you described.

Cheers,
simon
This bug report was last modified 4 years and 320 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.