On Thu, Jun 22, 2017 at 09:57:23AM +0200, Ludovic Courtès wrote: > > Perhaps a MITM could send a huge file and fill up the disk or something > > like that. > > I’m generally in favor of relying on X.509 certificates as little as > possible, and in this case, while I agree that it could protect us > against the scenario you describe, I think it’s a bit of a stretch.
Agreed, the X.509 PKI is really brittle, and so I think our current choice is reaosnable. It's different for `guix pull` because we don't use the full PKI, we control most of the code involved, and we have a good relationship with the Savannah admins. Of course, we should eventually improve `guix pull` to verify code signatures instead. > However, we’d very likely have bug reports of people for which downloads > fail because of various issues in the X.509 infrastructure and/or in how > the they set up their system (‘nss-certs’ uninstalled or too old, > SSL_CERT_DIR unset, etc.) Indeed, that would be super-annoying.
signature.asc
Description: PGP signature
