[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#41907: [security] Substitutes fetched from server with no authorized
From: |
Pierre Neidhardt |
Subject: |
bug#41907: [security] Substitutes fetched from server with no authorized key |
Date: |
Wed, 17 Jun 2020 09:37:35 +0200 |
I could be doing something wrong, but...
1. Alice starts `guix publich -u ambrevar`.
2. Bob, who did _not_ authorize Alice's signing key:
- herd stop guix-daemon
- guix-daemon --build-users-grouop=guixbuild
--substitute-urls='http://10.0.0.4:8080 https://ci.guix.gnu.org'
- guix build curl
Result:
--8<---------------cut here---------------start------------->8---
downloading from http://10.0.0.4:8080/nar/gzip/...
--8<---------------cut here---------------end--------------->8---
Guix commit 8b00728144d0e4bbc740e1595c85f0ecee3f6fb0.
Am I missing something or there is something really wrong?
--
Pierre Neidhardt
https://ambrevar.xyz/
signature.asc
Description: PGP signature
- bug#41907: [security] Substitutes fetched from server with no authorized key,
Pierre Neidhardt <=