[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help! I messed up guix-past

From: zimoun
Subject: Re: Help! I messed up guix-past
Date: Sat, 10 Sep 2022 12:40:51 +0200


On Sat, 10 Sep 2022 at 12:27, Ludovic Courtès <> wrote:

> Yes, in this particular case, it is the only way forward.

As shown in another message, there is just a warning about stalling.
However, no error and the packages are available.

Therefore, I do not understand the authentication mechanism.  Because I
was expecting to have an error and that pull forces me to run

> That said, I think authenticating source code is important.  Starting
> from a few months ago, Git supports other means to do that, but they’re
> not widespread and not all that attractive.  With all its warts, OpenPGP
> is what we have to do that.

All code are not equal.  Most of the packages in guix-past are very old
packages and I bet they contain many security holes.  So I am happy to
know that I fetch authenticated security holes. ;-)

> It would be sad to fork the repo for this reason; maybe we can discuss
> ways to make it practical for you, such as creating a single-purpose key
> that you wouldn’t have to worry much about?

>From my point of view, authentication of guix-past adds more burden than
it solves concrete issues of real problem.

I suggest to just drop the authentication for this channel.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]