Rostislav Svoboda <[email protected]> writes:

> Hi,
>
>> > first of all sorry for this, this commit was from me and it shouldn't
>> > have ever made it to Guix as my key file was wrongly added in keyring
>> > branch and Guix couldn't authenticate it.
>>
>> To clarify, I didn't intend to blame anyone, just collectively ponder if
>> there is anything to improve here.
>
> Yes. Drop the authentication requirements.
>
> From a security standpoint, what matters is the commit content, not who made 
> it.
>
> A bad actor can still make a good commit, and a trusted maintainer can
> still make a mistake, be pressured, or lose the private key.
>
> The only scenario where Guix authentication is any good is when I want
> to impress some headhunter or boost my ego, when I feel miserable.

It protects against a compromised forge.  That matters to some of us.

Nobody here claims that the commit authentication solves all security
issues, but it does solve one of them.

Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
