[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#42048] [PATCH 0/6] Authenticated channels for everyone!
|
From: |
Ludovic Courtès |
|
Subject: |
[bug#42048] [PATCH 0/6] Authenticated channels for everyone! |
|
Date: |
Wed, 01 Jul 2020 17:54:08 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
zimoun <zimon.toutoune@gmail.com> skribis:
> On Wed, 01 Jul 2020 at 14:17, Ludovic Courtès <ludo@gnu.org> wrote:
>
>> But of course, the new ‘introduction’ field of <channel> won’t be
>> recognized by older Guix versions. In that case, you should use the
>> output of ‘guix describe -f channels-sans-intro’ as I wrote in the
>> manual.
>
> Older Guix versions means the Scheme lib and not Inferiors, right?
>
> I mean, if I run using a Guix post-'introduction' "guix describe -f
> channels", then I can run with another Guix post-'introduction' "guix
> time-machine -C channels.scm", everything is fine.
>
> However, I cannot use this post-'introduction' channels.scm file with a
> pre-'introduction' Guix and "guix time-machine -C channels.scm" fails,
> right?
Yup!
> Well, if now Eve has the control of an authorized key (for example the
> Brett's one) then you cannot distinguish between past valid signatures
> to current malicious ones, even if the key is revoked, right?
Revocation in the OpenPGP sense doesn’t not matter at all. What matters
is whether the key is in ‘.guix-authorizations’. If we remove if from
there in commit X, then any commit descending from X that is signed by
that key will be rejected. Past commits (ancestors of X) signed by that
key are still considered authentic.
Ludo’.