On Thu, Feb 09, 2017 at 01:32:53PM +0000, Pjotr Prins wrote:
> +Health warning: at this point 'guix pull' is considered a liability for two reasons

For those who haven't read it before, see the bug report 'Trustable guix
pull':

http://bugs.gnu.org/22883

> +1. You don't know what you get even if it is considered 'latest'

Recently, I added some instructions to the manual to explain how to
deploy a specific version of Guix with `guix pull`:

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8a9cffb202414b20081910115ba76402924bdcdd

It depends on cgit, but it's better than nothing for now.

> +2. Guix pull runs over http and is not considered safe

Savannah will soon announce general availability of Git over HTTPS. It's
usable now. I sent an RFC patch that is not yet in the guix-devel
archive (so I don't have a link to share).