Felix Lechner <felix.lech...@lease-up.com> writes:

> Okay, thanks! In that case, I will get my fingerprint, upon failure,
> from the .guix_authorizations files in all other channels---specifically
> from the most recent commits there.

Hmm, OK. That could work, but would probably open up a larger attack
surface; Tomas had a similar idea to yours, and I shared some concerns
there [1].

That said, it's possible that those attack vectors are just not that
significant in your own personal threat model, as Tomas noted in his
response to me [2]. Which is fine. I on the other hand am aiming for a
solution that the whole community can rely on, so I do have to worry
about those attack vectors if there's even the slightest chance they
could affect anyone at all.

> I'm okay relying on previous authentication decisions made locally even
> after a key used for past commits is no longer available from another
> channel, or after that channel was dropped.

This would probably mean that if you drop a compromised key from your
own channel, and that key was used to sign your commits to your fork,
and then you have to delete and re-clone your fork and authenticate the
whole thing from scratch, it won't work... but I think that's what you
meant by "I'm okay relying on previous authentication decisions made
locally". Cool.

(Don't mind me, I'm just mining every single fork-authentication-related
message I can find for possible improvements to my proposal :D)

Good luck,
45mg

[1] https://yhetil.org/guix/87ikqcgjsa....@gmail.com/
[2] https://yhetil.org/guix/8734harh6k....@wolfsden.cz/