On Sat, Oct 14, 2017 at 03:23:45PM +0200, Ricardo Wurmus wrote: > I don’t know. Substitute sources have to authorized before downloaded > substitutes are accepted by the daemon. This authorization happens as > the root user, as it constitutes a system-wide change.
I was thinking of situations where the subsitute signing key is authorized, but substitutes are disabled system-wide. I don't have a use case for this configuration but, to me, it doesn't seem far-fetched for multi-user systems. Maybe the administrator is willing to let users trust substitutes, but doesn't want to do it for the privileged Guix installation.
signature.asc
Description: PGP signature
