From: Leo Famulari
Subject: Re: Warning on using 'guix pull'
Date: Thu, 9 Feb 2017 17:00:12 +0100
To: Pjotr Prins
Cc: guix-devel@gnu.org

On Thu, Feb 09, 2017 at 01:32:53PM +0000, Pjotr Prins wrote:
> +Health warning: at this point 'guix pull' is considered a liability for two reasons

For those who haven't read it before, see the bug report 'Trustable guix pull':

http://bugs.gnu.org/22883

> +1. You don't know what you get even if it is considered 'latest'

Recently, I added some instructions to the manual to explain how to
deploy a specific version of Guix with `guix pull`:

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8a9cffb202414b20081910115ba76402924bdcdd

It depends on cgit, but it's better than nothing for now.

> +2. Guix pull runs over http and is not considered safe

Savannah will soon announce general availability of Git over HTTPS. It's
usable now. I sent an RFC patch that is not yet in the guix-devel
archive (so I don't have a link to share).
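
Review bot: the quoted line "+2. Guix pull runs over http and is not considered safe" gives the verdict without the reason or a pointer, so a reader cannot tell what the exposure is or when the warning stops applying. Suggest saying that plain HTTP provides no authentication or integrity protection for the code being fetched, and referencing the 'Trustable guix pull' report (http://bugs.gnu.org/22883) cited in this reply. The line "+1. You don't know what you get even if it is considered 'latest'" would likewise be clearer if it said what is left unspecified, and the heading line ending in "for two reasons" should end with a colon before the numbered items.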