guix-devel

Re: Signed archives (preliminary patch)


From: Mark H Weaver
Subject: Re: Signed archives (preliminary patch)
Date: Fri, 28 Feb 2014 04:21:36 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

address@hidden (Ludovic Courtès) writes:

> The difficulty here will be to compute the hash up to the Signature
> field.  To do that, ‘read-narinfo’ should probably:
>
>   1. read everything from PORT with ‘get-string-all’ in a string (make
>      sure PORT’s encoding is UTF-8);
>
>   2. isolate the lines before the ^[[:blank:]]*Signature[[:blank:]]:
>      line;
>
>   3. compute the hash of those lines;
>
>   4. do (fields->alist (open-input-string the-whole-string));
>
>   5. pass the hash to the signature verification procedure.
>
> Does that make sense?

Apologies in advance if I'm failing to understand, but I'm concerned
about bundling a single principal signature into the narinfo file.
Not only does it cause the complications discussed above, but more
importantly, it seems to introduce an architectural bias toward an
authentication scheme where everyone is encouraged to place their
trust in a single centralized build system.

How do you envision the transition from this single-signature
architecture to one where other users and/or independent build farms
can add their signatures to hydra?  Will those signatures be treated
differently than the signatures created by hydra.gnu.org?  Will they
be stored and sent to users using a different mechanism?

    Regards,
      Mark
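
The five ‘read-narinfo’ steps quoted above, as an added Python example that is not part of this message or of Guix's own code. SHA-256, the HMAC used as a stand-in for signature verification, the rule that nothing may follow the Signature line, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import re

# Step 2 pattern from the quoted message; "[ \t]*" before the colon is an assumption.
SIGNATURE_LINE = re.compile(r"^[ \t]*Signature[ \t]*:", re.MULTILINE)
DEMO_KEY = b"constructed-demo-key"  # constructed; stands in for a real signing key


def demo_verify(digest: bytes, signature: str) -> bool:
    """Hypothetical verifier: an HMAC stands in for a public-key signature check."""
    expected = hmac.new(DEMO_KEY, digest, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def parse_fields(text: str) -> list:
    """Stand-in for fields->alist: 'Key: value' lines become (key, value) pairs."""
    fields = []
    for line in text.splitlines():
        if line.strip():
            key, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed line: {line!r}")
            fields.append((key.strip(), value.strip()))
    return fields


def read_narinfo(raw: bytes, verify=demo_verify) -> list:
    text = raw.decode("utf-8")  # step 1: strict UTF-8, invalid bytes raise
    matches = list(SIGNATURE_LINE.finditer(text))
    if len(matches) != 1:  # a missing or repeated Signature line is ambiguous
        raise ValueError(f"expected one Signature line, found {len(matches)}")
    signed, rest = text[:matches[0].start()], text[matches[0].start():]  # step 2
    if len(rest.splitlines()) != 1:  # assumption: nothing may follow the signature
        raise ValueError("unsigned content after the Signature line")
    digest = hashlib.sha256(signed.encode("utf-8")).digest()  # step 3 (SHA-256 assumed)
    fields = parse_fields(text)  # step 4
    if not verify(digest, dict(fields)["Signature"]):  # step 5
        raise ValueError("signature verification failed")
    return fields


def make_sample(url: str = "nar/constructed-example") -> bytes:
    """Constructed narinfo-like input, signed with the demo key."""
    body = f"StorePath: /gnu/store/constructed-example\nURL: {url}\nNarSize: 1234\n"
    sig = hmac.new(DEMO_KEY, hashlib.sha256(body.encode()).digest(), hashlib.sha256)
    return (body + "Signature: " + sig.hexdigest() + "\n").encode("utf-8")
```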


