Chris Marusich <cmmarus...@gmail.com> writes: > Ricardo Wurmus <ricardo.wur...@mdc-berlin.de> writes: > >> Suppose I add example.com as a substitute server by passing >> “--substitute-urls=https://example.com” to the daemon or the Guix >> command line. I haven’t authorized the signing key, so Guix won’t >> accept any of the substitutes from example.com. >> >> Currently, Guix does not make it obvious to the user that a requested >> substitute server is ignored because its key is not authorized. We >> should print a clear warning in this case. >> >> (guix scripts authenticate) already includes “validate-signature”, which >> aborts with an error if the key is not authorized, but we don’t seem to >> use it. > > What if example.com serves substitutes that are signed by another > server, such as hydra.gnu.org? No matter where a substitute comes from, > if it was signed with an authorized key and its signature checks out, > then it's OK to use, right?
Correct. -- Ricardo
