Hi,

b...@bokr.com wrote:
> I think IWBN to have some kind of trust code come with that git output,
> like gpg's 1-5 but indicating how well the committer/signer trusts
> that using the code will *not* cause a problem.
>
> I would like it if every commit had to have a code like that.

I very much agree with what zimoun wrote: it’s very hard to assess the security implications of a Guix commit (especially a commit that adds, say, a 100K lines-of-code package), and we shouldn’t ask too much of packagers.

Ludo’.