bug-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22883: Trustable "guix pull"


From: Werner Koch
Subject: bug#22883: Trustable "guix pull"
Date: Sun, 05 Jun 2016 09:51:45 +0200
User-agent: Gnus/5.13 (Gnus v5.13)

On Sun,  5 Jun 2016 00:27, address@hidden said:

> cannot or shouldn’t try to guess what’s “best”, IMO.  So in this case,
> we keep the default names, ‘gpg2’ and ‘gpgv2’.
>
> Do you think we should rename those files?

Given that Guix is a new distro you should really try to get rid of 1.4
and only use 2.1.  For Windows we use the name "gpg" for a long time now
and there is a configure option --enable-gpg2-is-gpg to make it easier.

> We sign commits and it’s wonderful; now all we need is tools to actually
> use those signatures to authenticate checkouts.  :-)

Right - Although I sign my commits,e other GnuPG hackers don't do it,
and thus for me there is no strong need to verify the commits. But we
should have these tools.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
    /* EFH in Erkrath: https://alt-hochdahl.de/haus */






reply via email to

[Prev in Thread] Current Thread [Next in Thread]