l...@gnu.org (Ludovic Courtès) writes: > Pjotr Prins <pjotr.publi...@thebird.nl> skribis: > >> On Sat, May 27, 2017 at 12:16:45PM +0200, Ludovic Court??s wrote: >>> On GuixSD, the key of hydra.gnu.org and bayfront.guixsd.org are always >>> registered by default. We cannot do that for someone installing Guix on >>> a foreign distro because that involves creating a file in /etc. >> >> Many installs are not on GuixSD. Can't we use the key that is stored >> in the store itself? If /etc does not exist then use what comes >> with the installation. > > The current behavior is to print a warning when /etc/guix/acl (the list > of authorized keys) is empty or nonexistent. > > Your suggestion would be to automatically populate it, right? > > I’m mildly reluctant to that, because we’d stealthily force every user > into trusting our substitute servers. OTOH I agree that the current > situation is not optimal. >
Maybe there could be a prompt that tells the user the current message (no keys in /etc/guix/acl) and then asks them if they'd like to register the default Guix substitute server keys? That'd be a middle ground solution. Maxim
