[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22883: Trustable "guix pull"

From: Ludovic Courtès
Subject: bug#22883: Trustable "guix pull"
Date: Tue, 17 May 2016 23:19:15 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)


address@hidden skribis:

> But I presume there must be another reason why there's no https,

HTTPS is not the alpha and omega of security.  At best, it provides
confidentiality and allows users to authenticate the server (some
certificate authorities are corrupt though, so there’s a risk.)

Once you’ve authenticated the server, you still haven’t authenticated
the code, which is what you’re really interested in as a user.

So this is what this issue is about, and I agree it needs to be fixed
ASAP.  Your contributions are very welcome, too!  :-)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]