[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Building from git
From: |
Josselin Poiret |
Subject: |
Re: Building from git |
Date: |
Fri, 08 Sep 2023 11:10:37 +0200 |
Hi,
wolf <wolf@wolfsden.cz> writes:
> Hmm, but the recipe for the authenticate rule comes from the (possibly)
> compromised source, no? So the attacker can just modify the recipe instead of
> the command going the authentication. Am I missing something?
You can use a previously trusted guix to do the authentication. `make
authenticate` is here for committers to check that their commits are all
properly signed before pushing (it's used as a pre-push hook).
Best,
--
Josselin Poiret
signature.asc
Description: PGP signature