Roel Janssen <r...@gnu.org> skribis:

> Ludovic Courtès writes:
>
>> Pjotr Prins <pjotr.publi...@thebird.nl> skribis:
>>
>>> On Sat, May 27, 2017 at 12:16:45PM +0200, Ludovic Courtès wrote:
>>>> On GuixSD, the key of hydra.gnu.org and bayfront.guixsd.org are always
>>>> registered by default. We cannot do that for someone installing Guix on
>>>> a foreign distro because that involves creating a file in /etc.
>>>
>>> Many installs are not on GuixSD. Can't we use the key that is stored
>>> in the store itself? If /etc does not exist then use what comes
>>> with the installation.
>>
>> The current behavior is to print a warning when /etc/guix/acl (the list
>> of authorized keys) is empty or nonexistent.
>>
>> Your suggestion would be to automatically populate it, right?
>>
>> I’m mildly reluctant to that, because we’d stealthily force every user
>> into trusting our substitute servers. OTOH I agree that the current
>> situation is not optimal.
>>
>> What do people think?
>
> Maybe we could find a mid-way here by doing the same as Fedora does with
> RPMfusion repositories: It asks the user for trusting the signing keys
> before enabling the repository.
>
> So in our case it would be something like:
> $ guix package -i emacs
> A `substitute' is available for this package on
> https://mirror.hydra.gnu.org. This means we can download the binary
> output for this package, instead of compiling it from its source code.
> Do you want to use this substitute server with key ... for this package,
> and for future packages? [y/N]

It cannot work this way because the decision has to be made by the
sysadmin, not by unprivileged users.

Also, I like that ‘guix package’ is non-interactive.

Ludo’.