Re: force pushing to guix master?

Wed, 17 Dec 2025 16:32:24 -0800 

Hi,

> > first of all sorry for this, this commit was from me and it shouldn't
> > have ever made it to Guix as my key file was wrongly added in keyring
> > branch and Guix couldn't authenticate it.
>
> To clarify, I didn't intend to blame anyone, just collectively ponder if
> there is anything to improve here.

Yes. Drop the authentication requirements.

>From a security standpoint, what matters is the commit content, not who made 
>it.

A bad actor can still make a good commit, and a trusted maintainer can
still make a mistake, be pressured, or lose the private key.

The only scenario where Guix authentication is any good is when I want
to impress some headhunter or boost my ego, when I feel miserable.

Cheers,
Bost
  • force pushing to ... Development of GNU Guix and the GNU System distribution.
    • Re: force pu... Andreas Enge
      • Re: forc... Development of GNU Guix and the GNU System distribution.
        • Re: ... Rutherther
          • ... Development of GNU Guix and the GNU System distribution.
            • ... Development of GNU Guix and the GNU System distribution.
              • ... Ludovic Courtès
    • Re: force pu... Rutherther
      • Re: forc... Development of GNU Guix and the GNU System distribution.
        • Re: ... Rostislav Svoboda
          • ... Tomas Volf
            • ... Rostislav Svoboda
              • ... Ricardo Wurmus
                • ... Rostislav Svoboda
                • ... Development of GNU Guix and the GNU System distribution.
                • ... Rostislav Svoboda
                • ... Vagrant Cascadian
                • ... Rostislav Svoboda
                • ... Ludovic Courtès

Reply via email to