l...@gnu.org (Ludovic Courtès) writes:

> The good news is that, with a bit of work in (guix nar),
> ‘substitute-binary’ will be able to use that mechanism too. So we can
> change Hydra to always sign its archives (simple), and
> ‘substitute-binary’ to always check signatures and check the signer
> against the ACL. The users can choose whether or not to add
> hydra.gnu.org’s public key to their ACL.

It turns out that changing Hydra to always sign is not as simple as I initially thought, because it doesn’t export archives via the ‘export-paths’ RPC (the one that knows how to sign them.)

So we’re back to discussing another approach with the (apparently unmotivated) Hydra folks, probably adding a ‘Signature’ field to the .narinfo files (see <http://lists.gnu.org/archive/html/bug-guix/2013-05/msg00087.html> and <http://lists.science.uu.nl/pipermail/nix-dev/2013-May/011203.html>.)

Anyone knowledgeable with Perl, Nix, and diplomacy is welcome here. :-)

We should also start thinking more about decentralized distribution.

Ludo’.