Re: Packaging packages with GPG signed source archives

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Packaging packages with GPG signed source archives

From:	Ludovic Courtès
Subject:	Re: Packaging packages with GPG signed source archives
Date:	Fri, 02 Sep 2016 14:14:38 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

ng0 <address@hidden> skribis:

> Ludovic Courtès <address@hidden> writes:
>
>> Hi,
>>
>> ng0 <address@hidden> skribis:
>>
>>> On the subject of git repos, I do not understand enough of the
>>> git-download.scm at the moment to add this myself, but why don't we have
>>> git-fsck in it as default?
>>
>> Dunno; what would it add?
>>
>> Ludo’.
>
> I don't understand enough of it, I only know someone else added it to
> some project I contribute to.

Guix ‘origin’ forms store the expected SHA256 of the checkout.  So
everytime we do a Git checkout, guix-daemon explicitly makes sure the
the checkout contents match the given SHA256.  IOW, we already have
integrity checks built in Guix.  For this reason, I think ‘git fsck’
wouldn’t provide any additional guarantee.

Hope this makes sense!

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Packaging packages with GPG signed source archives, Ludovic Courtès, 2016/09/01
- Re: Packaging packages with GPG signed source archives, Ludovic Courtès, 2016/09/01
  - Re: Packaging packages with GPG signed source archives, ng0, 2016/09/02
    - Re: Packaging packages with GPG signed source archives, Ludovic Courtès <=
    - Re: Packaging packages with GPG signed source archives, ng0, 2016/09/02

Prev by Date: Re: Packaging packages with GPG signed source archives
Next by Date: Re: Packaging packages with GPG signed source archives
Previous by thread: Re: Packaging packages with GPG signed source archives
Next by thread: Re: Packaging packages with GPG signed source archives
Index(es):
- Date
- Thread