GNU bug report logs - #42048
[PATCH 0/6] Authenticated channels for everyone!

Previous Next

Full log

Message #68 received at 42048 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: 42048 <at> debbugs.gnu.org
Subject: Re: [bug#42048] [PATCH 0/6] Authenticated channels for everyone!
Date: Wed, 01 Jul 2020 17:54:08 +0200

zimoun <zimon.toutoune <at> gmail.com> skribis:

> On Wed, 01 Jul 2020 at 14:17, Ludovic Courtès <ludo <at> gnu.org> wrote:
>
>> But of course, the new ‘introduction’ field of <channel> won’t be
>> recognized by older Guix versions.  In that case, you should use the
>> output of ‘guix describe -f channels-sans-intro’ as I wrote in the
>> manual.
>
> Older Guix versions means the Scheme lib and not Inferiors, right?
>
> I mean, if I run using a Guix post-'introduction' "guix describe -f
> channels", then I can run with another Guix post-'introduction' "guix
> time-machine -C channels.scm", everything is fine.
>
> However, I cannot use this post-'introduction' channels.scm file with a
> pre-'introduction' Guix and "guix time-machine -C channels.scm" fails,
> right? 

Yup!

> Well, if now Eve has the control of an authorized key (for example the
> Brett's one) then you cannot distinguish between past valid signatures
> to current malicious ones, even if the key is revoked, right?

Revocation in the OpenPGP sense doesn’t not matter at all.  What matters
is whether the key is in ‘.guix-authorizations’.  If we remove if from
there in commit X, then any commit descending from X that is signed by
that key will be rejected.  Past commits (ancestors of X) signed by that
key are still considered authentic.

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.