[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#22883: Trustable "guix pull"
From: |
Werner Koch |
Subject: |
bug#22883: Trustable "guix pull" |
Date: |
Sun, 05 Jun 2016 09:51:45 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
On Sun, 5 Jun 2016 00:27, address@hidden said:
> cannot or shouldn’t try to guess what’s “best”, IMO. So in this case,
> we keep the default names, ‘gpg2’ and ‘gpgv2’.
>
> Do you think we should rename those files?
Given that Guix is a new distro you should really try to get rid of 1.4
and only use 2.1. For Windows we use the name "gpg" for a long time now
and there is a configure option --enable-gpg2-is-gpg to make it easier.
> We sign commits and it’s wonderful; now all we need is tools to actually
> use those signatures to authenticate checkouts. :-)
Right - Although I sign my commits,e other GnuPG hackers don't do it,
and thus for me there is no strong need to verify the commits. But we
should have these tools.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
/* EFH in Erkrath: https://alt-hochdahl.de/haus */
bug#22883: Trustable "guix pull", Mike Gerwitz, 2016/06/04