GNU bug report logs - #42048
[PATCH 0/6] Authenticated channels for everyone!

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Thu, 25 Jun 2020 21:05:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 42048 <at> debbugs.gnu.org
Subject: [bug#42048] [PATCH 0/6] Authenticated channels for everyone!
Date: Wed, 01 Jul 2020 15:09:21 +0200

On Wed, 01 Jul 2020 at 14:17, Ludovic Courtès <ludo <at> gnu.org> wrote:

> But of course, the new ‘introduction’ field of <channel> won’t be
> recognized by older Guix versions.  In that case, you should use the
> output of ‘guix describe -f channels-sans-intro’ as I wrote in the
> manual.

Older Guix versions means the Scheme lib and not Inferiors, right?

I mean, if I run using a Guix post-'introduction' "guix describe -f
channels", then I can run with another Guix post-'introduction' "guix
time-machine -C channels.scm", everything is fine.

However, I cannot use this post-'introduction' channels.scm file with a
pre-'introduction' Guix and "guix time-machine -C channels.scm" fails,
right? 


> In general, when a developer loses control over their key, another
> committer should remove it right away form ‘.guix-authorizations’.  (I
> did that today following Brett’s message, for example.)
>
> Signatures on past commits can still be verified and everything is fine.
> The (guix openpgp) code ignores key expiration and revocation; it “just”
> verifies signatures.
>
>> Today, everything is fine, I sign and I do in introduction.  Couple of
>> months (or even years) later, my key will be compromised and so I will
>> revoke it.  What happens if I do "guix time-machine -C"?
>
> That’s OK.  The keyring is distributed along with the channel still
> contains your key, with or without a revocation certificate, but that
> doesn’t prevent us from verifying signatures on past commits.  (This is
> different from what gpg does.)

It answers to my question about time-machine.  Thank you.
Now I have another one. :-)

Well, if now Eve has the control of an authorized key (for example the
Brett's one) then you cannot distinguish between past valid signatures
to current malicious ones, even if the key is revoked, right?

(It is not a practical issue but it is a possible scenario.)

Cheers,
simon
This bug report was last modified 4 years and 319 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.