Re: [gnu-prog-discuss] Introducing GNU Guix

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnu-prog-discuss] Introducing GNU Guix

From:	Ludovic Courtès
Subject:	Re: [gnu-prog-discuss] Introducing GNU Guix
Date:	Fri, 23 Nov 2012 17:19:13 +0100
User-agent:	Gnus/5.130005 (Ma Gnus v0.5) Emacs/24.2 (gnu/linux)

Hi Niels,

address@hidden (Niels Möller) skribis:

> address@hidden (Ludovic Courtès) writes:
>
>> The TODO file details some of the many ways you can help.
>
> Regarding signatures, have you had a look at spki style signatures and
> delegations/certificates?

I’ve read about SPKI in the past, but I’m not sure where you’d use them here.

The TODO item about signatures is to verify the OpenPGP signature that
comes with GNU packages.  Currently, for source tarballs used by Guix,
only the integrity is checked, by making sure it has the expected
SHA256.  Checking against OpenPGP signatures would also allow us to
automatically check the authenticity of these packages, like GSRC does.

Thanks,
Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [gnu-prog-discuss] Introducing GNU Guix, Niels Möller, 2012/11/23
- Re: [gnu-prog-discuss] Introducing GNU Guix, Ludovic Courtès <=
  - Re: [gnu-prog-discuss] Introducing GNU Guix, Niels Möller, 2012/11/23
    - Re: [gnu-prog-discuss] Introducing GNU Guix, Ludovic Courtès, 2012/11/23

Prev by Date: Re: [gnu-prog-discuss] Introducing GNU Guix
Next by Date: Re: [gnu-prog-discuss] Introducing GNU Guix
Previous by thread: Re: [gnu-prog-discuss] Introducing GNU Guix
Next by thread: Re: [gnu-prog-discuss] Introducing GNU Guix
Index(es):
- Date
- Thread