GNU bug report logs - #53901
[PATCH] publish: Sign only normative narinfo fields.


Package: guix-patches

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Wed, 9 Feb 2022 17:53:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Message #20 received at 53901 <at> debbugs.gnu.org (full text, mbox):

From: pukkamustard <pukkamustard <at> posteo.net>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 53901 <at> debbugs.gnu.org
Subject: Re: [bug#53901] [PATCH] publish: Sign only normative narinfo fields.
Date: Fri, 11 Feb 2022 10:30:45 +0000

Ludovic Courtès <ludo <at> gnu.org> writes:

> [...]
> 
> At this point, the client (narinfo consumer) cannot assume that the
> server signs only the normative part, and only in a specific order; this
> would be a protocol change (in fact, with this patch, ‘guix publish’
> actually also signs the ‘Deriver’ field although that’s not a normative
> field; maybe I should take ‘Deriver’ out.)
>
> So I’m afraid we cannot clean that up yet.

Ah, yes. I didn't think of the case where the server is older than the
client.

Thank you for your explanation!

-pukkamustard
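
Added example, not part of the thread and not Guix code: a sketch of the compatibility point discussed above, where a client that rebuilds the signed payload from a fixed list of normative fields rejects narinfos from an older server that signed every field. Assumptions: the signature covers the text preceding the `Signature` line, HMAC-SHA256 stands in for the real public-key signature, and the `NORMATIVE` list, key and field values are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stand-in for the publisher's signing key
# Hypothetical client-side idea of "the normative fields, in this order".
NORMATIVE = ("StorePath", "NarHash", "NarSize", "References")

def sign(payload: str) -> str:
    # HMAC-SHA256 stands in for the real public-key signature.
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()

def publish(fields, signed_count):
    """Emit the first signed_count fields, the Signature line, then the rest."""
    lines = [f"{name}: {value}\n" for name, value in fields]
    head = "".join(lines[:signed_count])
    return head + f"Signature: {sign(head)}\n" + "".join(lines[signed_count:])

def split_signature(doc):
    """Return (text before the Signature line, signature value)."""
    lines = doc.splitlines(keepends=True)
    for i, line in enumerate(lines):
        if line.startswith("Signature: "):
            return "".join(lines[:i]), line[len("Signature: "):].strip()
    return None, None

def verify_as_received(doc):
    """Check the signature over exactly what the server placed before it."""
    head, sig = split_signature(doc)
    return sig is not None and hmac.compare_digest(sig, sign(head))

def verify_assuming_normative(doc):
    """Rebuild the payload from NORMATIVE; breaks when the server signed more."""
    _, sig = split_signature(doc)
    fields = dict(l.split(": ", 1) for l in doc.splitlines() if ": " in l)
    payload = "".join(f"{n}: {fields[n]}\n" for n in NORMATIVE if n in fields)
    return sig is not None and hmac.compare_digest(sig, sign(payload))

# Constructed sample values, not taken from a real substitute server.
COMMON = {"StorePath": "/gnu/store/aaaa-hello-2.10", "NarHash": "sha256:bbbb",
          "NarSize": "1234", "References": "aaaa-hello-2.10 cccc-glibc-2.33",
          "URL": "nar/gzip/aaaa-hello-2.10", "Compression": "gzip"}
OLD_ORDER = ("StorePath", "URL", "Compression", "NarHash", "NarSize", "References")
# Older server: every field signed. Newer server: only the first four.
OLD = publish([(n, COMMON[n]) for n in OLD_ORDER], signed_count=6)
NEW = publish([(n, COMMON[n]) for n in NORMATIVE + ("URL", "Compression")], 4)

if __name__ == "__main__":
    for label, doc in (("old", OLD), ("new", NEW)):
        print(label, verify_as_received(doc), verify_assuming_normative(doc))
```

In this sketch, fields placed after the `Signature` line are not covered by it, so a client must not treat them as authenticated.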




This bug report was last modified 3 years and 153 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.