[bug#42048] [PATCH 6/6] services: provenance: Save channel introductions

From: Ludovic Courtès
Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
Date: Wed, 01 Jul 2020 14:12:11 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi Simon,

zimoun <> skribis:

> On Tue, 30 Jun 2020 at 22:28, Ludovic Courtès <> wrote:
>>> One thing that I worry about is authentication of channels that are
>>> added as dependencies of user-selected channels.  Let’s say my channel
>>> “guix-bimsb” depends on “guix-past”.  How will users of “guix-bimsb”
>>> authenticate the commits of “guix-past” when they don’t know about
>>> “guix-past” (they only care about “guix-bimsb”), and don’t explicitly
>>> add introduction information to their channels file?
>>> Is there something that the authors of “guix-bimsb” can do to not only
>>> indicate the dependency on “guix-past”, but also to attach introduction
>>> information?  Will the format of the “.guix-channel” need to be
>>> adjusted?
>> That’s a very good question and I had completely overlooked it.
> Héhé, yet I had the same question one month ago. :-)

Oh I’m sorry, I think I misunderstood your question back then!

>> With this patch set, someone pulling guix-bimsb would just end up
>> pulling guix-past unauthenticated; there’s not even a warning.
>> (There’s currently a warning in (guix channels), but only when pulling
>> an unauthenticated 'guix channel.  It’s perhaps too early to have that
>> warning enabled for all channels.  WDYT?)
> Enabling the warning appears to me to be a good idea because this dependency is
> like "doing something I am not necessarily aware of behind my back".

I’m talking about the warning that says “this channel is
unauthenticated”, which is mostly orthogonal to the discussion at hand.
The reason I said it’s perhaps too early to enable it is that people
haven’t had a chance to make their channel “authenticable” yet.

>> So yes, I suppose we would need to extend the ‘.guix-channel’ format for
>> dependencies.  Luckily it should be quite simple because that format is
>> extensible; older Guix versions would ignore the ‘introduction’ field.
>> It would look something like this:
>>      (channel
>>       (version 0)
>>       (dependencies
>>        (channel
>>         (name some-collection)
>>         (url "")
>>         (introduction (channel-introduction
>>                         (version 0)
>>                         (commit "…")
>>                         (signer "…"))))
>>        (channel
>>         (name some-other-collection)
>>         (url "")
>>         (branch "testing"))))   ;not an authenticated channel
>> It does mean that a channel can indirectly trick you into turning off
>> authentication for a dependent channel.  But I think that’s within the
>> expectations for channels: when you choose a channel, you trust it
>> enough to run its code.
> Sounds good to me.

Alright, I’ll do that as a followup.
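
The following Guile check is an added example, not part of the original message or of Guix's code: it walks a channel description in the format sketched above and lists the dependencies that would be pulled unauthenticated, meaning those that lack an introduction with both a commit and a signer. The procedure names, URLs and commit/signer values are constructed for illustration.

```scheme
(use-modules (ice-9 match)
             (srfi srfi-1))

;; Constructed sample in the format proposed in the message; the URLs,
;; commit and signer are placeholders, not real values.
(define sample
  '(channel
    (version 0)
    (dependencies
     (channel
      (name some-collection)
      (url "https://example.org/some-collection.git")
      (introduction (channel-introduction
                     (version 0)
                     (commit "PLACEHOLDER-COMMIT")
                     (signer "PLACEHOLDER-FINGERPRINT"))))
     (channel
      (name some-other-collection)
      (url "https://example.org/some-other-collection.git")
      (branch "testing")))))

;; Return the values of the (KEY value ...) entry in FIELDS, or #f.
(define (field key fields)
  (match (assq key (filter pair? fields))
    ((_ . rest) rest)
    (#f #f)))

;; True when DEP has an introduction naming both a commit and a signer.
(define (introduction-complete? dep)
  (match (field 'introduction dep)
    ((('channel-introduction . intro))
     (and (field 'commit intro) (field 'signer intro) #t))
    (_ #f)))

;; Names of the dependencies that would be pulled without authentication.
(define (unauthenticated-dependencies channel-file)
  (match channel-file
    (('channel . fields)
     (filter-map (match-lambda
                   (('channel . dep)
                    (and (not (introduction-complete? dep))
                         (match (field 'name dep)
                           ((name) name)
                           (_ 'unnamed))))
                   (_ #f))
                 (or (field 'dependencies fields) '())))
    (_ (error "not a channel description" channel-file))))

(for-each (lambda (name)
            (format #t "warning: dependency '~a' has no introduction~%" name))
          (unauthenticated-dependencies sample))
```

To audit a real checkout, replace `sample` with `(call-with-input-file ".guix-channel" read)`.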


