On 2025-12-01, Rostislav Svoboda wrote: >> signing process [...] guarantees [...] "these are the official >> commits [...]" [...] it helps against rogue clones [...] claiming to >> be the real. > > Two histories already differ by their commit hashes - regardless of > signatures. Git's content hashing already detects rogue or modified > histories without authentication.
The signed authentication detects a compromised git hosting server (e.g. codeberg.org or savannah.gnu.org or a mirror) and prevents it from adding new commits, merges, etc. ... without also compromising at least one of the ~50 guix committers and/or their signing keys. That is not nothing. Admittedly, some of the practices of some of the guix committers make me cringe sometimes, e.g. notably the anti-pattern "just use guix download to get the *right* hash and commit that!" ... so there still is a lot of blind trust going on... but at least we could theoretically trace the accountability trends if repeated problematic patterns are ever revealed... live well, vagrant
signature.asc
Description: PGP signature
