Guix,

The linter should obviously warn about TLS errors but it should 
not terminate processing.  See ‘guix lint ibndp’ or ‘guix lint 
ttping’, where the hostname and certificate CN/SAN don't match.

In any other situation Guix is probably right to throw a scary 
error and abort, even if hashes are our primary defence, not TLS.

Kind regards,

T G-R