On Friday, October 15th, 2021 at 10:03 PM, Liliana Marie Prikler <liliana.prik...@gmail.com> wrote:
> > On the plus side, such an attack would be recorded forever in Git > > > > history. > > On the minus side, time-machine makes said record a landmine to step > > into. I've suggested this before and this seems like a good time to bring it up again: can we create a database of known "bad" Guix commit hashes, and make time-machine fetch the list and warn before it'll visit one of those hashes? This would resolve the land-mine problem and generally de-risk our git tree, which is maintained by fallible volunteers who will occasionally push tragic commits.
