Re: [gnu-prog-discuss] Introducing GNU Guix

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnu-prog-discuss] Introducing GNU Guix

From:	Ludovic Courtès
Subject:	Re: [gnu-prog-discuss] Introducing GNU Guix
Date:	Fri, 23 Nov 2012 22:52:52 +0100
User-agent:	Gnus/5.130005 (Ma Gnus v0.5) Emacs/24.2 (gnu/linux)

address@hidden (Niels Möller) skribis:

> address@hidden (Ludovic Courtès) writes:
>
>> The TODO item about signatures is to verify the OpenPGP signature that
>> comes with GNU packages.
>
> I see, then you don't have much choice on signature format. And I agree
> it's a useful feature.

Yes, though one could wonder how much it buys us if the committers are
trusted to have verified that they downloaded a genuine package when
they commit a file with the SHA256.

> You might like expressing authorizations as sexps (and I guess its
> possible to use the spki machinery even with alien input formats like
> openpgp).
>
> I was thinking of using spki delegations for things like "this key can
> authorize installation of packages from these urls" or "this key is
> authorized to install files in this subtree in the file system". But I
> haven't thought carefully about how that should work.

Hmm, OK.

Thanks,
Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [gnu-prog-discuss] Introducing GNU Guix, Niels Möller, 2012/11/23
- Re: [gnu-prog-discuss] Introducing GNU Guix, Ludovic Courtès, 2012/11/23
  - Re: [gnu-prog-discuss] Introducing GNU Guix, Niels Möller, 2012/11/23
    - Re: [gnu-prog-discuss] Introducing GNU Guix, Ludovic Courtès <=

Prev by Date: [PATCH] distro: Add GNU Gettext.
Next by Date: Re: [PATCH] distro: Add GNU Shishi.
Previous by thread: Re: [gnu-prog-discuss] Introducing GNU Guix
Next by thread: [PATCH] distro: Add GNU Gettext.
Index(es):
- Date
- Thread