bug-guix

bug#46829: `guix pull` uses incorrect certificate store


From: Maxime Devos
Subject: bug#46829: `guix pull` uses incorrect certificate store
Date: Wed, 14 Apr 2021 21:57:03 +0200
User-agent: Evolution 3.34.2

On Wed, 2021-04-14 at 12:50 +0200, Ludovic Courtès wrote:
> [...]
> > > We could also add a ‘--no-check-certificates’ option to ‘guix pull’.
> > 
> > I think we should avoid adding "use insecure connection" options. Even
> > if the code itself is signed.
> 
> “Insecure” is a strong word: it still prevents eavesdropping, which is
> the only property that matters in the presence of authenticated
> channels.

Maybe call the option '--tolerate-eavesdropping' then?  That name:

* is technically correct
* doesn't suggest the option is "Insecure"
* but still sounds like something you don't want
* should be clear to people not knowing about TLS' PKI infrastructure,
  ‘will eventually’™ be replaced with GNS + <insert GNUnet protocol here> or
  something like that, which wouldn't use such a centralised structure.

Thoughts?
Maxime.

Attachment: signature.asc
Description: This is a digitally signed message part

