guix-commits

35/66: programming-2022: Mention prior work upfront in the intro.


From: Ludovic Courtès
Subject: 35/66: programming-2022: Mention prior work upfront in the intro.
Date: Wed, 29 Jun 2022 11:32:01 -0400 (EDT)

civodul pushed a commit to branch master
in repository maintenance.

commit bc104ed96d64fbe535b424c4f92586dbd937df23
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Tue Jan 25 10:04:08 2022 +0100

    programming-2022: Mention prior work upfront in the intro.
    
    * doc/programming-2022/supply-chain.skb (Introduction): Include
    paragraph from the abstract stating why prior work is insufficient.
---
 doc/programming-2022/supply-chain.skb | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/doc/programming-2022/supply-chain.skb 
b/doc/programming-2022/supply-chain.skb
index a0ce74f..6dac3cb 100644
--- a/doc/programming-2022/supply-chain.skb
+++ b/doc/programming-2022/supply-chain.skb
@@ -189,7 +189,7 @@ updating Guix-installed software packages means, first, 
updating the
 local copy of the Guix source code.  Prior work on secure software
 updates focuses on systems very different from Guix—systems such as
 Debian, Fedora, or PyPI where updating consists in fetching metadata
-about the latest binary artifacts available—and largely inapplicable in
+about the latest binary artifacts available—and is largely inapplicable in
 the context of Guix.  Deployment tools that more closely resemble Guix,
 from Nix to Portage, either lack secure update mechanisms or suffer from
 shortcomings.])
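Review bot: the tool list in this paragraph, "from Nix to Portage", no longer matches the copy of the same paragraph added to the Introduction later in this patch, which reads "from Nix to Portage and BSD Ports". The commit message says the Introduction paragraph comes from the abstract, so the two copies should use one wording: either mention BSD Ports here as well or drop it there. Otherwise the two statements of the prior-work claim will drift apart.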
@@ -246,16 +246,39 @@ allowing users to search for software packages, to 
install them, and to
 upgrade them.  Unlike apt, yum, and many popular package managers, Guix
 builds upon the ,(emph [functional deployment model]) pioneered by Nix
 ,(ref :bib "dolstra2004:nix"), a foundation for reproducible deployment,
-reproducible builds, and provenance tracking.  Guix is essentially a
+reproducible and verifiable builds, and provenance tracking.  Guix is 
essentially a
 “source-based” deployment tool: the ,(emph [model]) is that of a system
 where every piece of software is built from source, and pre-built
 binaries are viewed as a mere optimization and not as a central aspect
 of its design.])
       
-      (p [This paper describes the design and implementation of Guix’s
+     (p [This paper focuses on one research question: how can Guix and
+similar systems allow users to securely update their software?  Guix
+source code is distributed using the Git version control system;
+updating Guix-installed software packages means, first, updating the
+local copy of the Guix source code.  Prior work on secure software
+updates ,(ref :bib '(samuel2010:survivable kuppusamy2017:mercury))
+focuses on systems very different from Guix—systems such as
+Debian, Fedora, or PyPI where updating consists in fetching metadata
+about the latest binary artifacts available—and is largely
+inapplicable in the context of Guix.  Deployment tools that more closely
+resemble Guix, from Nix to Portage and BSD Ports ,(ref :bib
+'(dolstra2004:nix brew2022:github condaforge2022:web
+freebsd2022:handbook pkgsrc2022:guide gentoo2022:portage-security)),
+either lack secure update mechanisms or suffer from shortcomings.])
+
+;;       (p [More generally, contrary to recent work on supply chain
+;; security that revolves around ,(emph [attestation]) of the various
+;; supply chain links ,(ref :bib '(torresarias2019:intoto google2021:slsa
+;; sigstore2021:web)), Guix takes a radical approach to support ,(emph
+;; [independent verification]).])
+
+      (p [We describe the design and implementation of Guix’s
 secure update mechanism.  ,(numref :text [Section] :ident "background")
 gives background information necessary to understand the overall
-deployment model of Guix.  ,(numref :text [Section] :ident "rationale")
+deployment model of Guix, showing how it supports ,(emph [independent
+verification]) of key links of the software supply chain.
+,(numref :text [Section] :ident "rationale")
 presents our goals and threat model for the design of secure updates.
 ,(numref :text [Section] :ident "authenticating") describes our design
 of a Git checkout authentication mechanism and ,(numref :text [Section]
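Review bot: the paragraph added entirely as ";;" comments ("More generally, contrary to recent work on supply chain security ...") leaves disabled prose in the source with no note on why it is disabled. Suggest either enabling it or removing it. If it is meant to come back, a one-line comment saying what is pending would help, since the roadmap sentence below now relies on the same emphasized term, "independent verification". Two smaller points in the same hunk: the new "(p [This paper focuses on" line is indented with five spaces where the neighbouring "(p [" forms use six, and the citation list after "from Nix to Portage and BSD Ports" includes brew2022:github and condaforge2022:web, whose keys do not correspond to any tool the sentence names.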
@@ -270,7 +293,7 @@ and report on our experience.  Last, ,(numref :text 
[Section]
    
    (chapter :title [Background] :ident "background"
       
-      (p [Users of free operating systems such as GNU/Linux are used to
+      (p [Users of free operating systems such as GNU/Linux are familiar with
 ,(emph [package managers]) like Debian's ,(tt [apt]), which allow them
 to install, upgrade, and remove software from a large collection of free
 software packages.  GNU Guix,(footnote (url "https://guix.gnu.org";)) is
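Review bot: the wording change in the Background chapter ("are used to" becoming "are familiar with") is not covered by the commit log, which lists only "(Introduction)" for doc/programming-2022/supply-chain.skb. Suggest adding a "(Background)" entry to the log, or moving this change to a separate wording commit so the history of the prior-work paragraph stays easy to follow.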


