[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Packaging packages with GPG signed source archives

From: Ludovic Courtès
Subject: Re: Packaging packages with GPG signed source archives
Date: Fri, 02 Sep 2016 14:14:38 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

ng0 <address@hidden> skribis:

> Ludovic Courtès <address@hidden> writes:
>> Hi,
>> ng0 <address@hidden> skribis:
>>> On the subject of git repos, I do not understand enough of the
>>> git-download.scm at the moment to add this myself, but why don't we have
>>> git-fsck in it as default?
>> Dunno; what would it add?
>> Ludo’.
> I don't understand enough of it, I only know someone else added it to
> some project I contribute to.

Guix ‘origin’ forms store the expected SHA256 of the checkout.  So
everytime we do a Git checkout, guix-daemon explicitly makes sure the
the checkout contents match the given SHA256.  IOW, we already have
integrity checks built in Guix.  For this reason, I think ‘git fsck’
wouldn’t provide any additional guarantee.

Hope this makes sense!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]