Re: Heads-up: hard reset of the 'staging' branch

[Ludovic Courtès]

Hey,

Marius Bakke <marius@gnu.org> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> To be clear, it wouldn’t just “leave a gap”: all future commits would
>> also be rejected.  The authentication code ensures that each commit is
>> signed by one of the keys authorized in its parent commit(s).  (See the
>> latest discussions at <https://issues.guix.gnu.org/22883>.)
>
> Indeed, sorry for being unclear.  The gap I was referring to was based
> on a hypothetical situation where we worked around this issue in
> git-authenticate.scm, similar to %commits-with-known-bad-signature.

As it turns out, ‘%commits-with-known-bad-signature’ is unused.  :-)
I’m actually reluctant to supporting it now because I don’t see how it
could be implemented without also offering a trivial way to escape
verification.

>> This is a good opportunity to remind all fellow committers of the latest
>> changes in that area, which are summarized here:
>>
>>   https://guix.gnu.org/manual/devel/en/html_node/Commit-Access.html
>>
>> Please take a look.
>>
>> SCARY WARNING:
>>
>>   When ‘guix pull’ runs that authentication code, which I hope will be
>>   the case in a few weeks, any such mistakes means that users will not
>>   be able to pull at all, so we all have to be very cautious.  If we do
>>   make a mistake, we’ll have to reset the branch to a known-good state,
>>   like you did.
>
> I am really looking forward to strong authentication in 'guix pull'.
> Sounds like a good excuse to make a new release!  :-)

Yup!

Ludo’.