GNU bug report logs - #70818
[PATCH] maint: Suggest ‘guix git authenticate’ for initial authentication.

Previous Next

Full log

Message #16 received at 70818-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: guix-security <at> gnu.org, Skyler Ferris <skyvine <at> protonmail.com>,
 70818-done <at> debbugs.gnu.org, Florian Pelz <pelzflorian <at> pelzflorian.de>
Subject: Re: [bug#70818] [PATCH] maint: Suggest ‘guix
 git authenticate’ for initial authentication.
Date: Sat, 25 May 2024 16:24:38 +0200

Hi,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> The previous recommendation, running ‘make authenticate’, was insecure
>> because it led users to run code from the very repository they want to
>> authenticate:
>>
>>   https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00252.html
>>
>> * Makefile.am (commit_v1_0_0, channel_intro_commit)
>> (channel_intro_signer, GUIX_GIT_KEYRING, authenticate): Remove.
>> * Makefile.am (.git/hooks/%): New target, generalization of previous
>> ‘.git/hooks/pre-push’ target.
>> (nodist_noinst_DATA): Add ‘.git/hooks/post-merge’.
>> * doc/contributing.texi (Building from Git): Suggest ‘guix git
>> authenticate’ instead of ‘make authenticate’.
>> * etc/git/post-merge: New file.
>> * etc/git/pre-push: Run ‘guix git authenticate’ instead of ‘make
>> authenticate’.
>>
>> Reported-by: Skyler Ferris <skyvine <at> protonmail.com>
>> Change-Id: Ia415aa8375013d0dd095e891116f6ce841d93efd
>
> Reviewed-by: Maxim Cournoyer <maxim.cournoyer <at> gmail>
>
> (taking into account the typo spotted by Florian).

I fixed the typo and applied it, thanks!

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.