Ludovic Courtès writes:
> Christopher Allan Webber <cweb...@dustycloud.org> skribis:
>
>> Let me give an even shorter-term solution: maybe there is a way to mark
>> things as risky from a trust perspective when it comes to bootstrapping?
>> Maybe we could do something like:
>>
>> (define-public ghc
>> (package
>> (name "ghc")
>> (version "7.10.2")
>> ;; [... bla bla ...]
>> (properties '(("bootstrap-untrusted" #t)))))
>
> Why not, but what would be the correspond warning, and the expected
> effect?
A warning, or maybe even also a:
guix package -i foo --only-reproducible
which could error?
> On one hand, a warning might annoy people since there’s nothing they can
> do; on the other hand, it can help raise awareness.
>
> Thoughts?
>
> Ludo’.
