45mg <45mg.wri...@gmail.com> writes:
> I have included below a script that demonstrates an attack on `guix git
> authenticate` that only works with your patch.
>
> It's not the same attack as what I outlined above; I think that one
> would depend on the implementation details of your patch (if it's even
> viable at all; I haven't tested).
>
> Rather, the attack I demonstrate below should work as long as the core
> idea of your patch ("union instead of an intersection of keys valid in
> both parents") is implemented.You are right! Well fuck. Luckily the security impact is ~0 due to various reasons, but this is still something I need to fix. I do have some ideas regarding how to do it, but all of them are fixes intended to solve "authenticating my Guix fork", not general fixes for guix-git-authenticate. But I think it can be made to work (sadly it will not be pretty though). For this weekend I already have plans (packaging apcupsd, yeey), but I will try to write them down and report back with the options next week, I no longer trust myself to write this without supervision. :/ Thanks again once more, Tomas -- There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors.
signature.asc
Description: PGP signature
