On 2022-09-02 15:23, Ludovic Courtès wrote:

> Hello!
>
> I’m late to the party, but thanks a lot for sending this analysis!
>
> Andrew Tropin <andrew@trop.in> skribis:
>
>> * What could be done better?
>> - guix pull could be done from local checkout, before pushing.
>
> Setting a pre-push hook that invokes ‘guix git authenticate’, as
> recommended in the manual (info "(guix) Commit Access"), should be
> enough: ‘git push’ would just fail in that situation.

For some reason I thought it does git verify-commit, which I used
manually to check if commit is signed, but it does make authenticate,
which of course works the other way.  Missed it, my bad.

I have elaborated on this topic a little more in the manual.