Hello! I’m late to the party, but thanks a lot for sending this analysis!
Andrew Tropin <and...@trop.in> wrote:

> * What could be done better?
>
> - guix pull could be done from local checkout, before pushing.

Setting a pre-push hook that invokes ‘guix git authenticate’, as recommended in the manual (info "(guix) Commit Access"), should be enough: ‘git push’ would just fail in that situation.

> - Accept subkey on guix pull if master key is in .guix-authorizations.

Reported at <https://issues.guix.gnu.org/57091>.

> - Add pre-push hook, which checks authorization on Savannah.

That one is difficult: Guix is not installed on those machines.

Another option would be to push to a different machine, one that we control, and make Savannah a mirror of that one.

Thoughts?

Ludo’.
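
An added example, not part of the message above and not the hook shipped in the Guix repository: a pre-push hook that runs ‘guix git authenticate’ on each commit about to be pushed, so that ‘git push’ fails when authentication fails. The function name is made up for this example, and the introductory commit and signer fingerprint are placeholders to be taken from the channel introduction.

```shell
#!/bin/sh
# Install as .git/hooks/pre-push (executable).
# Placeholders: set these from the channel introduction of the repository.
INTRO_COMMIT="${INTRO_COMMIT:-INTRODUCTORY-COMMIT-PLACEHOLDER}"
INTRO_SIGNER="${INTRO_SIGNER:-INTRODUCTORY-SIGNER-FINGERPRINT-PLACEHOLDER}"

# Object name Git passes as the local side when a ref is being deleted.
ZERO=0000000000000000000000000000000000000000

# Hypothetical helper name.  Reads the lines Git feeds a pre-push hook on
# stdin, "<local ref> <local sha> <remote ref> <remote sha>", one per ref.
authenticate_pushed_refs() {
    while read -r local_ref local_sha remote_ref remote_sha; do
        # Deleting a remote ref pushes no commits: nothing to authenticate.
        if [ "$local_sha" = "$ZERO" ]; then
            continue
        fi
        # Authenticate from the introductory commit up to the pushed commit.
        # stdin is redirected so the command cannot consume the ref list.
        if ! guix git authenticate "$INTRO_COMMIT" "$INTRO_SIGNER" \
                --end="$local_sha" </dev/null; then
            echo "pre-push: $local_ref ($local_sha) failed authentication;" \
                 "refusing to push to $remote_ref" >&2
            return 1
        fi
    done
    return 0
}

# Run the check only when invoked by Git under the hook's name; a non-zero
# exit status makes 'git push' abort before anything is sent.
case "$0" in
    *pre-push) authenticate_pushed_refs || exit 1 ;;
esac
```

This runs on the committer's machine only, so it does not address the third point, where the check would have to run on the receiving side.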