Hello Chris,
> On Guix Systems, if the substitute keys are left as the default, for > recent revisions of Guix, the bordeaux.guix.gnu.org signing key will be > included in the ACL by default. With Guix on foreign distributions, it > needs adding manually. > > I think there's some room for improvement in the UI/UX here, in terms of > telling users that there are substitutes available, if they trust a > specific key (all the relevant information is in the narinfo). I totally agree here, as I also faced this issue several times. When fetching a narinfo which is signed with a key that's not in the ACL, we should probably issue a warning. Mathieu