Leo Famulari <l...@famulari.name> skribis:
> On Wed, Mar 23, 2016 at 03:49:33PM -0700, Christopher Allan Webber wrote:
>> Ludovic Courtès writes:
>>
>> > Christopher Allan Webber <cweb...@dustycloud.org> skribis:
>> >
>> >> Let me give an even shorter-term solution: maybe there is a way to mark
>> >> things as risky from a trust perspective when it comes to bootstrapping?
>> >> Maybe we could do something like:
>> >>
>> >> (define-public ghc
>> >> (package
>> >> (name "ghc")
>> >> (version "7.10.2")
>> >> ;; [... bla bla ...]
>> >> (properties '(("bootstrap-untrusted" #t)))))
>> >
>> > Why not, but what would be the correspond warning, and the expected
>> > effect?
>>
>> A warning, or maybe even also a:
>>
>> guix package -i foo --only-reproducible
>>
>> which could error?
Hmm or --only-traceable?
> If we decide to do something like that, we should decide if we want the
> word 'reproducible' to mean bit-for-bit reproducibility.
The problem is that big binary blobs like GHC’s are necessarily
bit-for-bit reproducible. :-)
Ludo’.
