Hey,

Marius Bakke <mar...@gnu.org> wrote:

> Ludovic Courtès <l...@gnu.org> writes:

[...]

>> To be clear, it wouldn’t just “leave a gap”: all future commits would
>> also be rejected.  The authentication code ensures that each commit is
>> signed by one of the keys authorized in its parent commit(s).  (See the
>> latest discussions at <https://issues.guix.gnu.org/22883>.)
>
> Indeed, sorry for being unclear.  The gap I was referring to was based
> on a hypothetical situation where we worked around this issue in
> git-authenticate.scm, similar to %commits-with-known-bad-signature.

As it turns out, ‘%commits-with-known-bad-signature’ is unused.  :-)
I’m actually reluctant to support it now because I don’t see how it
could be implemented without also offering a trivial way to escape
verification.

>> This is a good opportunity to remind all fellow committers of the latest
>> changes in that area, which are summarized here:
>>
>>   https://guix.gnu.org/manual/devel/en/html_node/Commit-Access.html
>>
>> Please take a look.
>>
>> SCARY WARNING:
>>
>>   When ‘guix pull’ runs that authentication code, which I hope will be
>>   the case in a few weeks, any such mistake means that users will not
>>   be able to pull at all, so we all have to be very cautious.  If we do
>>   make a mistake, we’ll have to reset the branch to a known-good state,
>>   like you did.
>
> I am really looking forward to strong authentication in 'guix pull'.
> Sounds like a good excuse to make a new release!  :-)

Yup!

Ludo’.
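
The rule discussed in this thread (each commit must be signed by a key authorized in its parent commits) can be sketched as a small model; this is an added example, not Guix's git-authenticate.scm. The commit ids, key names and the `Commit` record are constructed, signature verification itself is not modelled, and requiring authorization from every parent of a merge is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Commit:
    parents: tuple          # ids of the parent commits
    signer: str             # key that signed this commit
    authorized: frozenset   # keys this commit authorizes for its children

def ancestry(history, tip, trusted_root):
    """Ids reachable from tip down to (excluding) trusted_root, parents first."""
    order, seen = [], {trusted_root}
    def visit(cid):
        if cid in seen:
            return
        seen.add(cid)
        for parent in history[cid].parents:
            visit(parent)
        order.append(cid)
    visit(tip)
    return order

def first_rejected(history, tip, trusted_root):
    """Return the id of the first commit failing authentication, or None."""
    for cid in ancestry(history, tip, trusted_root):
        commit = history[cid]
        if not commit.parents:
            return cid  # unrelated root: no parent vouches for its signer
        # Assumption: on a merge, the key must be authorized by every parent.
        allowed = frozenset.intersection(
            *(history[p].authorized for p in commit.parents))
        if commit.signer not in allowed:
            return cid
    return None

# Constructed history: KEY-A and KEY-B are authorized, KEY-X is not.
KEYS = frozenset({"KEY-A", "KEY-B"})
HISTORY = {
    "c0": Commit((), "KEY-A", KEYS),             # trusted starting point
    "c1": Commit(("c0",), "KEY-A", KEYS),
    "c2": Commit(("c1",), "KEY-X", KEYS),        # the mistake
    "c3": Commit(("c2",), "KEY-B", KEYS),        # correctly signed, on top of c2
    "c4": Commit(("c3",), "KEY-A", KEYS),
    "c2-fixed": Commit(("c1",), "KEY-B", KEYS),  # branch reset to c1, redone
}

if __name__ == "__main__":
    for tip in ("c1", "c2", "c3", "c4", "c2-fixed"):
        print(tip, "->", first_rejected(HISTORY, tip, "c0") or "ok")
```

Every tip at or after `c2` is rejected because the walk always reaches `c2`, while the history rebuilt from `c1` authenticates again.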
