From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail Date: Fri, 20 Oct 2017 17:17:00 -0400 Message-ID: <20171020211700.GA32355@jasmine.lan> References: <877ewf18d4.fsf@gnu.org> <87o9ppoabw.fsf@gnu.org> <20171002182208.GB10773@jasmine.lan> <878tgt721q.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="AqsLC8rIMeq19msA" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:56944) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e5egA-0004qa-Ic for bug-guix@gnu.org; Fri, 20 Oct 2017 17:18:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e5eg6-0007Qw-ND for bug-guix@gnu.org; Fri, 20 Oct 2017 17:18:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:44174) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e5eg6-0007Qr-Jl for bug-guix@gnu.org; Fri, 20 Oct 2017 17:18:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1e5eg6-0000HB-D9 for bug-guix@gnu.org; Fri, 20 Oct 2017 17:18:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <878tgt721q.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 28659@debbugs.gnu.org --AqsLC8rIMeq19msA Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 02, 2017 at 10:00:33PM +0200, Ludovic Court=C3=A8s wrote: > Right. Jan suggested checking the content-addressed mirrors *before* > the real upstream address. That would address the problem of upstream > sources modified in-place, but at the cost of privacy/self-sufficiency > as you note. (Though it=E2=80=99s not really making =E2=80=9Cprivacy=E2= =80=9D any worse in this > case: it=E2=80=99s gnu.org vs. github.com.) Yeah, I don't personally think there is a privacy issue with fetching sources from our mirrors at gnu.org, or other domains we control. > Perhaps we should make content-addressed mirrors configurable in a way > that=E2=80=99s orthogonal to derivations, something similar in spirit to > --substitute-urls? The difficulty is that content-addressed mirrors are > not just URLs; see (guix download). > > Thoughts? I do think we should make it so that users don't suffer from unreliable upstream sources when we know the sources are available on our servers (or the Nix mirror), even with --no-substitutes. --AqsLC8rIMeq19msA Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlnqZ8kACgkQJkb6MLrK fwg5TQ/8CX5M/DfOOi27pQHOXUE91v7o87jnOSazE2Xqzq+q8N7iBZsY+DxQR676 5KmOw/MREsqP1rWBy4eR5nDRuhQv/hgOSpxh1Kyluk5KkqGezhyCmgmRBqVJnoF6 uZw9VD0UBxcYoZScvemtJjBRFCwjFjpUINW1XE5sUXV7CCqI007kvKB+2Q6iyxBz R1pK5cMhWFj7GsOoXtYCUIlxER8tK/lE6Tx0OP264TidenTDfH7dy7udmFbNTRYz 72LKl1xno7rIvgRSHA8mxRlAcLXFCXqlbad7QFHEnEQdLmeoLyF565bE/VsH1CdQ jHW7BJM9svBLmXwfxMOT3YLXGGPgGFI5Kou/uatWmh3PFRvRffe/m97SsA2BYDyh C08pY8DC+HSoTeF/GZO08Jfg3gT3o9pp+IJRt/AE7qhYqLOkX/zQ6guLm6H1jJIJ y4dgoy+Mlu8mwVOhsEvnjVLfk7Ho3QvHLcwzKzDrW001Od6bve7CuLW9pHkbOwqm m7QopDt0XLnL+MTG3o2Lvxbhb5u4rCKfu7Bjb1U01hXlgJWVlULzv4/7voRe1Y1Y cEax9IBjCnRa2ANa+IX6z/trQr9J/gSMjjtS/Uim15728PY19Mm27ZyleJX8lzbG SIf+0jpzWLMFSKZ8hr04XNYrdZjANRruWQa9Pt7p6QdlIiX4lqc= =jxqv -----END PGP SIGNATURE----- --AqsLC8rIMeq19msA--