[bug#53901] [PATCH] publish: Sign only normative narinfo fields.
From: pukkamustard
Subject: [bug#53901] [PATCH] publish: Sign only normative narinfo fields.
Date: Fri, 11 Feb 2022 10:30:45 +0000

Ludovic Courtès <ludo@gnu.org> writes:
> [...]
>
> At this point, the client (narinfo consumer) cannot assume that the
> server signs only the normative part, and only in a specific order; this
> would be a protocol change (in fact, with this patch, ‘guix publish’
> actually also signs the ‘Deriver’ field although that’s not a normative
> field; maybe I should take ‘Deriver’ out.)
>
> So I’m afraid we cannot clean that up yet.

Ah, yes. I didn't think of the case where the server is older than the
client.

Thank you for your explanation!

-pukkamustard