Suppose I add example.com as a substitute server by passing “--substitute-urls=https://example.com” to the daemon or the Guix command line. I haven’t authorized the signing key, so Guix won’t accept any of the substitutes from example.com.
Currently, Guix does not make it obvious to the user that a requested substitute server is ignored because its key is not authorized. We should print a clear warning in this case. (guix scripts authenticate) already includes “validate-signature”, which aborts with an error if the key is not authorized, but we don’t seem to use it. -- Ricardo
