Hi, Rostislav Svoboda <[email protected]> skribis:
> So if authentication doesn't protect us from bad code or bad > intentions, and doesn't even tell us whether the signer was truly in > control of their key - then what real problem is it solving? It tells you that your checkout is authentic, meaning originating from the genuine Guix development team. No more, no less. For the bigger picture, see <https://doi.org/10.22152/programming-journal.org/2023/7/1>. Ludo’.
