guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#25975: Use HTTPS in `guix pull`

From: Leo Famulari
Subject: bug#25975: Use HTTPS in `guix pull`
Date: Thu, 9 Mar 2017 13:13:21 -0500
User-agent: Mutt/1.8.0 (2017-02-23) 
On Thu, Mar 09, 2017 at 05:11:44PM +0100, Ludovic Courtès wrote:
> Or we could just as well ship the LE certificate instead of having a
> package that downloads it etc.?

I thought about this a bit yesterday. Only three certificate files are
needed for the Let's Encrypt certificate store: the root certificate,
the active intermediate, and the backup intermediate.*

We know where they can be downloaded from, and we know their SHA256
hash, so we could download them directly instead of using a package.

We could also bundle them with Guix, as you suggest.

What does everyone think?

* Technically we could leave out the backup, but I think we should
include it so that everything is "smooth" whenever it needs to become
active.

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]