Re: Warning on using 'guix pull'

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Warning on using 'guix pull'

From:	Leo Famulari
Subject:	Re: Warning on using 'guix pull'
Date:	Thu, 9 Feb 2017 17:00:12 +0100
User-agent:	Mutt/1.7.2 (2016-11-26)

On Thu, Feb 09, 2017 at 01:32:53PM +0000, Pjotr Prins wrote:
> +Health warning: at this point 'guix pull' is considered a liability for two 
> reasons

For those who haven't read it before, see the bug report 'Trustable guix
pull':

http://bugs.gnu.org/22883

> +1. You don't know what you get even if it is considered 'latest'

Recently, I added some instructions to the manual to explain how to
deploy a specific version of Guix with `guix pull`:

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8a9cffb202414b20081910115ba76402924bdcdd

It depends on cgit, but it's better than nothing for now.

> +2. Guix pull runs over http and is not considered safe

Savannah will soon announce general availability of Git over HTTPS. It's
usable now. I sent an RFC patch that is not yet in the guix-devel
archive (so I don't have a link to share).

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Warning on using 'guix pull', Pjotr Prins, 2017/02/09
- Re: Warning on using 'guix pull', Leo Famulari <=

Prev by Date: `guix pull` over HTTPS
Next by Date: Re: [PATCH 1/6] gnu: Add python-rst2ansi
Previous by thread: Warning on using 'guix pull'
Next by thread: [PATCH] More reproducibility fixes for R.
Index(es):
- Date
- Thread