From debbugs-submit-bounces@debbugs.gnu.org Wed Jul 01 08:25:22 2020 Received: (at 42048) by debbugs.gnu.org; 1 Jul 2020 12:25:22 +0000 Received: from localhost ([127.0.0.1]:52483 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jqbnl-0008OI-PK for submit@debbugs.gnu.org; Wed, 01 Jul 2020 08:25:22 -0400 Received: from sender4-of-o51.zoho.com ([136.143.188.51]:21128) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jqbnj-0008O7-Kf for 42048@debbugs.gnu.org; Wed, 01 Jul 2020 08:25:20 -0400 ARC-Seal: i=1; a=rsa-sha256; t=1593606311; cv=none; d=zohomail.com; s=zohoarc; b=izgF5ymD4v7AFCK9uAeoJKOzKQLko35MqrtGQVyiqM8JqlMxPsqJ5q4za/dN0t5JQJeTTU6EmafSbjKnVkv7axGBAD6jM4H17ghTyEj338tgVkN5cmINum0m/jVaL9QMyLmKANyKK2cZ2WxMb87Pnr5jeL8HfO1oXUFfTmHHGTY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1593606311; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=wBpTdnHeD1YclneT7lienLtGCMfKPcy9Edk862KvR9w=; b=kyqoHBmF66NK9cBcMjaQcpbIMCEEAotDM/S84HeqPfXYZN14C+Xrh/X2OrZYpJwhBS80vZQ95R3imLopYwUKet7bpWzerTu7SyySlAwaYBnLlaZfxtPCutBGxeL4hNZDVPnxbTYjtafh7W/Ay40C9v0bJJSyofz7S4D/GqLxCbw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=elephly.net; spf=pass smtp.mailfrom=rekado@elephly.net; dmarc=pass header.from= header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1593606311; s=zoho; d=elephly.net; i=rekado@elephly.net; h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; bh=wBpTdnHeD1YclneT7lienLtGCMfKPcy9Edk862KvR9w=; b=JH/1276MvT00QjnhxYACRyvK8XZQBq/1eXRj5k5hA8abhNgx07RSyeWuRbna4PL4 C6i+Kmw0Qu9nDAQu0qdiwn1S3fjcC86YuFgCb+yEN2+4sAZqL/KSJXLy3kpI9i1dCaq NBGqYLQhTsulU6vjcIgHb/9FnrTCBhVk4ikvs560= Received: from localhost (p54ad4b9b.dip0.t-ipconnect.de [84.173.75.155]) by mx.zohomail.com with SMTPS id 1593606308781624.4483809455573; Wed, 1 Jul 2020 05:25:08 -0700 (PDT) References: <20200625211605.29316-1-ludo@gnu.org> <20200625211605.29316-6-ludo@gnu.org> <87v9j8mtx9.fsf@elephly.net> <87imf847sr.fsf@gnu.org> User-agent: mu4e 1.4.10; emacs 26.3 From: Ricardo Wurmus To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions. In-reply-to: <87imf847sr.fsf@gnu.org> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Wed, 01 Jul 2020 14:25:04 +0200 Message-ID: <87366bmnhb.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 42048 Cc: 42048@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Ludovic Court=C3=A8s writes: > So yes, I suppose we would need to extend the =E2=80=98.guix-channel=E2= =80=99 format for > dependencies. Luckily it should be quite simply because that format is > extensible; older Guix versions would ignore the =E2=80=98introduction=E2= =80=99 field. > It would look something like this: > > (channel > (version 0) > (dependencies > (channel > (name some-collection) > (url "https://example.org/first-collection.git") > (introduction (channel-introduction > (version 0) > (commit "=E2=80=A6") > (signer "=E2=80=A6")))) > (channel > (name some-other-collection) > (url "https://example.org/second-collection.git") > (branch "testing")))) ;not an authenticated channel > > It does mean that a channel can indirectly trick you into turning off > authentication for a dependent channel. But I think that=E2=80=99s withi= n the > expectations for channels: when you choose a channel, you trust it > enough to run its code. > > WDYT? This sounds reasonable. I agree that you=E2=80=99ve got to trust the chann= el authors anyway, so allowing them to provide the introduction is fair. --=20 Ricardo