On Wed, Mar 23, 2016 at 03:49:33PM -0700, Christopher Allan Webber wrote:
> Ludovic Courtès writes:
>
> > Christopher Allan Webber <cweb...@dustycloud.org> skribis:
> >
> >> Let me give an even shorter-term solution: maybe there is a way to mark
> >> things as risky from a trust perspective when it comes to bootstrapping?
> >> Maybe we could do something like:
> >>
> >> (define-public ghc
> >> (package
> >> (name "ghc")
> >> (version "7.10.2")
> >> ;; [... bla bla ...]
> >> (properties '(("bootstrap-untrusted" #t)))))
> >
> > Why not, but what would be the correspond warning, and the expected
> > effect?
>
> A warning, or maybe even also a:
>
> guix package -i foo --only-reproducible
>
> which could error?
If we decide to do something like that, we should decide if we want the
word 'reproducible' to mean bit-for-bit reproducibility.
Personally, I think use of that word should include that meaning.
>
> > On one hand, a warning might annoy people since there’s nothing they can
> > do; on the other hand, it can help raise awareness.
> >
> > Thoughts?
> >
> > Ludo’.
>
>
