Hi,
zimoun wrote:
> On Wed, 3 Jun 2020 at 11:50, Ludovic Courtès wrote:
>> zimoun wrote:
>> > On Mon, 1 Jun 2020 at 16:08, Ludovic Courtès wrote:
>
>> >> If that information were stored in ‘.guix-channel’, it would be
>> >> trivial for an attacker to fork the project (or push a
Hi Ludo,
Thank you for the explanations.
On Wed, 3 Jun 2020 at 11:50, Ludovic Courtès wrote:
> zimoun wrote:
> > On Mon, 1 Jun 2020 at 16:08, Ludovic Courtès wrote:
> >> If that information were stored in ‘.guix-channel’, it would be
> >> trivial for an attacker to fork the
Hi,
zimoun wrote:
> On Mon, 1 Jun 2020 at 16:08, Ludovic Courtès wrote:
>
>> I think we need a way to “introduce” a channel to its users that goes
>> beyond a mere URL.
>
> Just to be sure I understand well, will the good ol'
> ~/.config/guix/channels.scm
>
> ;; Tell 'guix pull' to use
Hi Ludo,
Really cool!
Well, even if I am not clever enough to understand all that.
On Mon, 1 Jun 2020 at 16:08, Ludovic Courtès wrote:
> I think we need a way to “introduce” a channel to its users that goes
> beyond a mere URL.
Just to be sure I understand well, will the good ol'
Hi!
Ludovic Courtès wrote:
> The good news with this model is that an adversary cannot trick users
> into fetching an unrelated branch where the authorizations would be
> different: they can always detect that it’s a disconnected branch or
> that it’s not a fast-forward pull.
>
> The bad news