[bug#42048] [PATCH 6/6] services: provenance: Save channel introductions
From: Ludovic Courtès
Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
Date: Wed, 01 Jul 2020 14:12:11 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi Simon,

zimoun <zimon.toutoune@gmail.com> wrote:
> On Tue, 30 Jun 2020 at 22:28, Ludovic Courtès <ludo@gnu.org> wrote:
>
>>> One thing that I worry about is authentication of channels that are
>>> added as dependencies of user-selected channels. Let’s say my channel
>>> “guix-bimsb” depends on “guix-past”. How will users of “guix-bimsb”
>>> authenticate the commits of “guix-past” when they don’t know about
>>> “guix-past” (they only care about “guix-bimsb”), and don’t explicitly
>>> add introduction information to their channels file?
>>>
>>> Is there something that the authors of “guix-bimsb” can do to not only
>>> indicate the dependency on “guix-past”, but also to attach introduction
>>> information? Will the format of the “.guix-channel” need to be
>>> adjusted?
>>
>> That’s a very good question and I had completely overlooked it.
>
> Héhé, yet I had the same question one month ago. :-)

Oh I’m sorry, I think I misunderstood your question back then!

>> With this patch set, someone pulling guix-bimsb would just end up
>> pulling guix-past unauthenticated; there’s not even a warning.
>>
>> (There’s currently a warning in (guix channels), but only when pulling
>> an unauthenticated 'guix channel. It’s perhaps too early to have that
>> warning enabled for all channels. WDYT?)
>
> Enabling the warning appears to me a good idea because this dependency is
> like "doing something I am not necessarily aware of behind my back".

I’m talking about the warning that says “this channel is
unauthenticated”, which is mostly orthogonal to the discussion at hand.
The reason I said it’s perhaps too early to enable it is that people
haven’t had a chance to make their channel “authenticable” yet.

>> So yes, I suppose we would need to extend the ‘.guix-channel’ format for
>> dependencies. Luckily it should be quite simple because that format is
>> extensible; older Guix versions would ignore the ‘introduction’ field.
>> It would look something like this:
>>
>>   (channel
>>     (version 0)
>>     (dependencies
>>       (channel
>>         (name some-collection)
>>         (url "https://example.org/first-collection.git")
>>         (introduction (channel-introduction
>>                         (version 0)
>>                         (commit "…")
>>                         (signer "…"))))
>>       (channel
>>         (name some-other-collection)
>>         (url "https://example.org/second-collection.git")
>>         (branch "testing"))))  ;not an authenticated channel
>>
>> It does mean that a channel can indirectly trick you into turning off
>> authentication for a dependent channel. But I think that’s within the
>> expectations for channels: when you choose a channel, you trust it
>> enough to run its code.
>
> Sounds good to me.

Alright, I’ll do that as a followup.

Thanks!
Ludo’.
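
Added example, not part of the original message and not Guix code: a small Guile script that reads a ‘.guix-channel’ file and lists the dependencies that carry no introduction, i.e. the ones that would be pulled unauthenticated. It assumes the dependency format proposed in the message above; the helper names (field, introduced?, unauthenticated-dependencies) are hypothetical and the sample's commit and signer values are constructed placeholders.

```scheme
;; Added example, not Guix code; helper names are hypothetical.
(use-modules (ice-9 match) (srfi srfi-1))

;; Constructed sample; commit and signer are placeholders, not real values.
(define %sample "
(channel
  (version 0)
  (dependencies
    (channel
      (name some-collection)
      (url \"https://example.org/first-collection.git\")
      (introduction (channel-introduction
                      (version 0)
                      (commit \"PLACEHOLDER-COMMIT\")
                      (signer \"PLACEHOLDER-FINGERPRINT\"))))
    (channel
      (name some-other-collection)
      (url \"https://example.org/second-collection.git\")
      (branch \"testing\"))))")

(define (field name fields)
  "Return the values of the (NAME value ...) entry in FIELDS, or #f."
  (match (assq name fields)
    ((_ . vals) vals)
    (#f #f)))

(define (introduced? dep-fields)
  "True if the dependency has an introduction with a commit and a signer."
  (match (field 'introduction dep-fields)
    ((('channel-introduction intro-fields ...))
     (and (field 'commit intro-fields) (field 'signer intro-fields) #t))
    (_ #f)))

(define (unauthenticated-dependencies sexp)
  "Return the names of dependencies that would be pulled unauthenticated."
  (match sexp
    (('channel fields ...)
     (filter-map (match-lambda
                   (('channel dep-fields ...)
                    (and (not (introduced? dep-fields))
                         (car (field 'name dep-fields)))))
                 (or (field 'dependencies fields) '())))))

(let* ((sexp (match (command-line)
               ((_ file) (call-with-input-file file read))
               (_ (call-with-input-string %sample read))))
       (bad (unauthenticated-dependencies sexp)))
  (for-each (lambda (n) (format #t "~a: no channel introduction~%" n)) bad)
  (exit (if (null? bad) 0 1)))
```

Run with a file name to audit that file, or with no argument to audit the embedded sample; the exit status is non-zero when any dependency lacks an introduction.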