From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Subject: bug#22883: Trustable "guix pull" Date: Tue, 17 May 2016 23:19:15 +0200 Message-ID: <87oa84v0vg.fsf@gnu.org> References: <87io14sqoa.fsf@dustycloud.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:48148) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b2qQg-0004iI-VM for bug-guix@gnu.org; Tue, 17 May 2016 21:37:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b2mPK-0004sO-B4 for bug-guix@gnu.org; Tue, 17 May 2016 17:20:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:43988) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b2mPK-0004sK-8j for bug-guix@gnu.org; Tue, 17 May 2016 17:20:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: (fluxboks@openmailbox.org's message of "Sun, 15 May 2016 15:40:49 +0300") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: fluxboks@openmailbox.org Cc: 22883@debbugs.gnu.org Hi! fluxboks@openmailbox.org skribis: > But I presume there must be another reason why there's no https, HTTPS is not the alpha and omega of security. At best, it provides confidentiality and allows users to authenticate the server (some certificate authorities are corrupt though, so there=E2=80=99s a risk.) Once you=E2=80=99ve authenticated the server, you still haven=E2=80=99t aut= henticated the code, which is what you=E2=80=99re really interested in as a user. So this is what this issue is about, and I agree it needs to be fixed ASAP. Your contributions are very welcome, too! :-) Ludo=E2=80=99.