On Tue, Jan 23 2018, Pjotr Prins wrote:
How is it a security issue?

If I can authorise any substitute server key that I want, then I can authorise my own server's key. I can then create a malicious substitute that doesn't correspond to the build recipe in Guix. I could inject whatever code I want into this substitute, and have it placed in the store as the output for the derivation. When another user attempts to install the same package into their profile they will then use my malicious substitute (even though they never authorised my server's key).

Carlo

Attachment: signature.asc
Description: PGP signature

Reply via email to