bug#22883: Authenticating a Git checkout


From: Ludovic Courtès
Subject: bug#22883: Authenticating a Git checkout
Date: Sat, 28 Dec 2019 18:45:36 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi,

Ricardo Wurmus <address@hidden> writes:

> Ludovic Courtès <address@hidden> writes:
>
>> The caching implemented in 787766ed1e7f0806a98e696830542da528f957bb
>> makes things acceptable: the first “make authenticate” run takes a bit
>> more than two minutes to check all the commits starting from ‘v1.0.1’,
>> but subsequent runs take a few seconds.
>
> This sounds good.
>
> I wonder how we would integrate this into “guix pull”.  For
> authentication to work at all the user would have to have *all* past
> keys.  (I’m missing at least one of the keys, because only current keys
> are contained in the keyring on Savannah.)

Right.  Clearly we shouldn’t rely on key servers because it’s brittle,
keys might be missing, it requires the whole GnuPG shebang to fetch a
single key, etc.

Instead, what I have in mind is to have a branch in the same repo
containing a complete keyring of the past and current keys (say, one
file per key).  The machinery would thus start by loading the keyring
and then use it when verifying signatures.

We can generalize that to all channels: ‘.guix-channel’ could specify
(1) a keyring branch, and (2) the name of a file listing authorized
keys.

How does that sound?

Thanks,
Ludo’.
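The scheme Ludo sketches above (load a complete keyring, then walk the commits from a trusted starting point and require each one to be signed by an authorized key, caching what was already checked), modelled in Python as an added example that is not Guix's own `make authenticate` code. It assumes the input is the output of `git log --format=%H%x00%P%x00%G?%x00%GF introduction..head` run with `GNUPGHOME` pointing at the keyring taken from the keyring branch; the commit hashes and key fingerprints are constructed placeholders, and a plain set of fingerprints stands in for the authorized-keys file that `.guix-channel` would name.

```python
from collections import deque

# `%G?` values accepted: G = good signature; U = good signature from a key that is
# not trust-signed (the norm with a plain project keyring).  "E" = key not in keyring.
GOOD_STATUSES = {"G", "U"}

FPR_A, FPR_B = "A" * 40, "B" * 40                          # constructed
INTRO, C2, C3, C4, C5, C6 = (d * 40 for d in "123456")     # constructed
SAMPLE_LOG = "\n".join([   # constructed `git log` output; C4 merges C3 and C5
    "\0".join([C2, INTRO, "U", FPR_A]),
    "\0".join([C3, C2, "U", FPR_B]),
    "\0".join([C5, C2, "U", FPR_A]),
    "\0".join([C4, f"{C3} {C5}", "U", FPR_B]),
    "\0".join([C6, C4, "E", ""]),   # signed with a key absent from the keyring
])

def parse_log(text):
    """Map commit hash -> (parent hashes, `%G?` status, signing-key fingerprint)."""
    commits = {}
    for line in text.splitlines():
        sha, parents, status, fpr = line.split("\0")
        commits[sha] = (parents.split(), status, fpr)
    return commits

def authenticate(commits, head, introduction, authorized, cache=None):
    """Walk from `head` back to the trusted `introduction`; every commit on every
    path must be signed by a key in `authorized`.  `cache` holds hashes verified
    by earlier runs, so a rerun only inspects new commits.  Returns the newly
    verified hashes; raises ValueError at the first commit that fails."""
    cache = set() if cache is None else cache
    queue, verified, reached_intro = deque([head]), set(), False
    while queue:
        sha = queue.popleft()
        if sha in cache or sha in verified:
            continue
        if sha == introduction:
            reached_intro = True
            continue
        if sha not in commits:
            raise ValueError(f"{sha[:7]}: outside the introduction..head range")
        parents, status, fpr = commits[sha]
        if status not in GOOD_STATUSES:
            raise ValueError(f"{sha[:7]}: signature status {status!r}")
        if fpr not in authorized:
            raise ValueError(f"{sha[:7]}: key {fpr} is not authorized")
        verified.add(sha)
        queue.extend(parents)
    if verified and not reached_intro:
        raise ValueError("history does not descend from the introduction commit")
    cache |= verified
    return verified
```

A second call with the same `cache` returns an empty set because the head is already recorded as verified, which is the behaviour that makes reruns fast.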