Hi! For some reason, /etc/guix/acl is not declarative on Guix System: we let users modify it and assume it’s stateful, which can surprise users as in <https://issues.guix.gnu.org/39819>.
Should we make it declarative, just like most of /etc? I think so. For a build farm like berlin, it would force admins to explicitly list all the authorized keys in their config—annoying change, but not a bad thing. WDYT? The problem is the transition. We would need to at least create a backup of /etc/guix/acl on the next activation, or better yet, warn users or error out at reconfigure time. Thoughts? Ludo’.
