From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Packaging packages with GPG signed source archives Date: Fri, 02 Sep 2016 14:14:38 +0200 Message-ID: <87twdyo5w1.fsf@gnu.org> References: <87oa49crz1.fsf@gmail.com> <20160831172204.GB28096@jasmine> <87wpiwlmea.fsf@gnu.org> <878tvcmwqk.fsf@we.make.ritual.n0.is> <878tvcuinm.fsf@gnu.org> <87poomr4r8.fsf@we.make.ritual.n0.is> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:46436) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bfnMu-000380-2w for help-guix@gnu.org; Fri, 02 Sep 2016 08:14:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bfnMo-0000ji-8K for help-guix@gnu.org; Fri, 02 Sep 2016 08:14:46 -0400 In-Reply-To: <87poomr4r8.fsf@we.make.ritual.n0.is> (ng0@we.make.ritual.n0.is's message of "Fri, 02 Sep 2016 10:10:51 +0000") List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: ng0 Cc: help-guix ng0 skribis: > Ludovic Court=C3=A8s writes: > >> Hi, >> >> ng0 skribis: >> >>> On the subject of git repos, I do not understand enough of the >>> git-download.scm at the moment to add this myself, but why don't we have >>> git-fsck in it as default? >> >> Dunno; what would it add? >> >> Ludo=E2=80=99. > > I don't understand enough of it, I only know someone else added it to > some project I contribute to. Guix =E2=80=98origin=E2=80=99 forms store the expected SHA256 of the checko= ut. So everytime we do a Git checkout, guix-daemon explicitly makes sure the the checkout contents match the given SHA256. IOW, we already have integrity checks built in Guix. For this reason, I think =E2=80=98git fsck= =E2=80=99 wouldn=E2=80=99t provide any additional guarantee. Hope this makes sense! Ludo=E2=80=99.