[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content has
bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail
Fri, 20 Oct 2017 17:17:00 -0400
On Mon, Oct 02, 2017 at 10:00:33PM +0200, Ludovic Courtès wrote:
> Right. Jan suggested checking the content-addressed mirrors *before*
> the real upstream address. That would address the problem of upstream
> sources modified in-place, but at the cost of privacy/self-sufficiency
> as you note. (Though it’s not really making “privacy” any worse in this
> case: it’s gnu.org vs. github.com.)
Yeah, I don't personally think there is a privacy issue with fetching
sources from our mirrors at gnu.org, or other domains we control.
> Perhaps we should make content-addressed mirrors configurable in a way
> that’s orthogonal to derivations, something similar in spirit to
> --substitute-urls? The difficulty is that content-addressed mirrors are
> not just URLs; see (guix download).
I do think we should make it so that users don't suffer from unreliable
upstream sources when we know the sources are available on our servers
(or the Nix mirror), even with --no-substitutes.
Description: PGP signature
bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, Ludovic Courtès, 2017/10/02
- bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail, (continued)