[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#22883: Trustable "guix pull"
From: |
Ludovic Courtès |
Subject: |
bug#22883: Trustable "guix pull" |
Date: |
Tue, 17 May 2016 23:19:15 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Hi!
address@hidden skribis:
> But I presume there must be another reason why there's no https,
HTTPS is not the alpha and omega of security. At best, it provides
confidentiality and allows users to authenticate the server (some
certificate authorities are corrupt though, so there’s a risk.)
Once you’ve authenticated the server, you still haven’t authenticated
the code, which is what you’re really interested in as a user.
So this is what this issue is about, and I agree it needs to be fixed
ASAP. Your contributions are very welcome, too! :-)
Ludo’.