We need a passphrase option here, right? Or what's the standard

@aryairani

We need a passphrase option here, right? Or what's the standard

Hrmm, this is a deep rabbit hole to go down that adds a ton of work;

• Do we support various keychains?
• Yubikeys/physical devices?
• Various password managers?
• gpg agent?

I was planning on having ucm manage these complete for the user as basic EdDSA keys, rather than having the user configure their own keys; thus it's basically treated the same as your Share token, but with the added ability of cryptographic signing and a public key.

Do you think passphrases or the other mentioned features are table-stakes?

it's basically treated the same as your Share token, but with the added ability of cryptographic signing and a public key.

Okay, makes sense. Sorry I just spotted your reply now.

Edit: It was a draft PR at the time so I feel less bad about not noticing the comment.

Hrmm, this is a deep rabbit hole to go down that adds a ton of work;

• Do we support various keychains?
• Yubikeys/physical devices?
• Various password managers?
• gpg agent?

Which approach does command-line ssh use?

@aryairani

Hrmm, this is a deep rabbit hole to go down that adds a ton of work;

• Do we support various keychains?
• Yubikeys/physical devices?
• Various password managers?
• gpg agent?

Which approach does command-line ssh use?

ssh does support encrypted keys of course, in SSH's case that key represents your ability to sign into remote servers,
in our case, currently the key is only used to signify the author of a comment.

If we're legitimately concerned about a user's credentials file being stolen or leaked then we shouldn't be storing unencrypted auth tokens on disk at all; since currently an attacker would just take the user's OAuth token rather than their personal key.

AFAIK storing unencrypted credentials is quite a common practice, e.g. the AWS cli just stores your unencrypted creds at ~/.aws/credentials; google does the same in ~/.config/gcloud/

Not saying it's bad to allow requiring a password for this stuff, and maybe if we end up using the personal key for accessing Unison Cloud we may wish to add more layers of security, but at the moment I don't think it's worth the time to implement, since if an attacker has access to your file-system we have bigger concerns than them fraudulently signing comments in your name;

Hrmm, Is that a reasonable stance?

Makes sense.
🤞 for CI

The Cabal smoke test failure seems like a simple one – need to add the new unison-credentials package to contrib/cabal.project.

The Weeder failures seem to be due to CI using Weeder 2.7.0 vs scripts/check.sh using Weeder 2.8.0 (see freckle/weeder-action/issues/146). I replicated it by changing the version of Weeder used locally, and got the same weeds.

1. It doesn’t make sense to downgrade Weeder locally, because the weeds that 2.7.0 found aren’t real weeds – just a bug in older Weeder versions.
2. Upgrading to GHC 9.6.6 with the current Nix infrastructure would be a major hassle for a minor fix.
3. Replace Nix tooling & update toolchain #6046 will get scripts/check.sh and CI using the same Weeder (2.10.0), but is blocked on some optimization/benchmark work.

I suggest that this PR disable the Weeder check in CI. It‘ll be re-instated with the correct version when #6046 is merged. Independently, we can remove freckle/weeder-action in favor of running scripts/check-weeds in CI to avoid this sync issue in future.

It looks like this was merged red, but it was merged as part of a later branch that made it green ✅