|
From: | Carlo Zancanaro |
Subject: | Re: [RFC] A simple draft for channels |
Date: | Wed, 24 Jan 2018 10:01:02 +1100 |
User-agent: | mu4e 0.9.18; emacs 25.3.1 |
On Tue, Jan 23 2018, Pjotr Prins wrote:
How is it a security issue?
If I can authorise any substitute server key that I want, then I can authorise my own server's key. I can then create a malicious substitute that doesn't correspond to the build recipe in Guix. I could inject whatever code I want into this substitute, and have it placed in the store as the output for the derivation. When another user attempts to install the same package into their profile they will then use my malicious substitute (even though they never authorised my server's key).
Carlo
signature.asc
Description: PGP signature
[Prev in Thread] | Current Thread | [Next in Thread] |