Hi,
Christopher Baines skribis:
> Ludovic Courtès writes:
>
>>> 3: http://theworld.com/~cme/spki.txt
>>>
>>> Using the above ACL, you'd trust a substitute for a path with a specific
>>> hash if you can find 2 narinfos for that path and hash if they're signed
>>> with keys in that entry. Multipl
Ludovic Courtès writes:
>> 3: http://theworld.com/~cme/spki.txt
>>
>> Using the above ACL, you'd trust a substitute for a path with a specific
>> hash if you can find 2 narinfos for that path and hash if they're signed
>> with keys in that entry. Multiple entries would still be supported, and
>>
Hi!
Christopher Baines skribis:
> My feeling is that making some initial step forward in this area is
> going to be tricky, care needs to be taken around the security and
> backwards compatibility aspects. I've now got around to actually
> thinking about potential ways to make parts of this happ
Hey,
So, I've finally got around to actually looking at what code changes
might be involved in changing how users of Guix substitutes trust which
substitutes to use, and which not to use. This follows on from some of
the build reproducibility metrics work that happened recently [1].
1: https://li