On Sat, Mar 26, 2016 at 12:08:09AM +0100, Ludovic Courtès wrote:
> Leo Famulari <l...@famulari.name> skribis:
>
> > On Wed, Mar 23, 2016 at 03:49:33PM -0700, Christopher Allan Webber wrote:
> >> Ludovic Courtès writes:
> >>
> >> > Christopher Allan Webber <cweb...@dustycloud.org> skribis:
> >> >
> >> >> Let me give an even shorter-term solution: maybe there is a way to mark
> >> >> things as risky from a trust perspective when it comes to bootstrapping?
> >> >> Maybe we could do something like:
> >> >>
> >> >> (define-public ghc
> >> >> (package
> >> >> (name "ghc")
> >> >> (version "7.10.2")
> >> >> ;; [... bla bla ...]
> >> >> (properties '(("bootstrap-untrusted" #t)))))
> >> >
> >> > Why not, but what would be the correspond warning, and the expected
> >> > effect?
> >>
> >> A warning, or maybe even also a:
> >>
> >> guix package -i foo --only-reproducible
> >>
> >> which could error?
>
> Hmm or --only-traceable?
>
> > If we decide to do something like that, we should decide if we want the
> > word 'reproducible' to mean bit-for-bit reproducibility.
>
> The problem is that big binary blobs like GHC’s are necessarily
> bit-for-bit reproducible. :-)
`wget https://blob` doesn't count as reproducible :)
Another useful word could be 'deterministic'.
>
> Ludo’.
