From: "Thompson, David" <dthompson2@worcester.edu>
To: Mark H Weaver <mhw@netris.org>
Cc: 31284@debbugs.gnu.org
Subject: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure.
Date: Mon, 30 Apr 2018 09:59:04 -0400 [thread overview]
Message-ID: <CAJ=RwfadYEhgLLZ1unFA+W09K+nxsi=JA5bok4LTZoQVNo6+gg@mail.gmail.com> (raw)
In-Reply-To: <87vac9ylaq.fsf@netris.org>
On Sun, Apr 29, 2018 at 1:28 PM, Mark H Weaver <mhw@netris.org> wrote:
> Hi Chris,
>
> Chris Marusich <cmmarusich@gmail.com> writes:
>
>> You've both said that you would prefer not to add git-fetch/impure to
>> Guix. Can you help me to understand why you feel that way? I really
>> think it would be nice if Guix could fetch Git repositories over SSH
>> using public key authentication, so I'm hoping that we can talk about it
>> and figure out an acceptable way to implement it.
>
> I thought about it some more, and found that I cannot really justify my
> position on this, so I hereby drop my objection. It's obviously not
> useful for packages that will be included in Guix itself, which is our
> primary focus, but I suppose it could be useful for private package
> definitions.
>
> What do you think, David? It seems to me that password tokens in URLs
> raise possible security risks, whereas public-key authentication is
> generally better practice.
If I'm outvoted here then I'm OK with accepting this change. Just to
clarify, I advocate the use of password tokens in URLs for private
repositories only. I do this for non-Guix things as well in order to
improve reproducibility of internal builds.
- Dave
next prev parent reply other threads:[~2018-04-30 14:00 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87o9i4szg8.fsf@gmail.com>
2018-04-29 17:28 ` bug#31284: [PATCH 0/1] guix: Add git-fetch/impure Mark H Weaver
2018-04-30 13:59 ` Thompson, David [this message]
2018-04-27 8:12 Chris Marusich
2018-04-27 13:05 ` Thompson, David
2018-04-28 4:45 ` Chris Marusich
2018-04-29 17:21 ` Ludovic Courtès
2018-04-27 21:37 ` Mark H Weaver
2018-04-29 17:39 ` Mark H Weaver
2018-04-30 0:18 ` Chris Marusich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJ=RwfadYEhgLLZ1unFA+W09K+nxsi=JA5bok4LTZoQVNo6+gg@mail.gmail.com' \
--to=dthompson2@worcester.edu \
--cc=31284@debbugs.gnu.org \
--cc=mhw@netris.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).