Leo Famulari skribis:
> On Fri, Jun 03, 2016 at 06:12:47PM +0200, Ludovic Courtès wrote:
>> Hello!
>>
>> So we sign Git commits, and now we want to authenticate Git checkouts.
>> There’s a series of bad news.
>>
>> First, ‘git pull’ doesn’t do it for you, you have to pass ‘--verify’ and
>> ther
Hi!
Mike Gerwitz skribis:
> On Fri, Jun 03, 2016 at 18:12:47 +0200, Ludovic Courtès wrote:
>> First, ‘git pull’ doesn’t do it for you, you have to pass ‘--verify’ and
>> there’s no way to set it globally.
>
> That's unfortunate. Does your checkout scenario include a fresh clone?
> If so, a pull
Alex Kost skribis:
> Ludovic Courtès (2016-06-02 22:40 +0300) wrote:
>
>> Alex Kost skribis:
>>
>>> Ludovic Courtès (2016-04-20 18:31 +0300) wrote:
>>
>> [...]
>>
>> However, I think (1) the title should describe the bug, not the
>> solution, and (2) ‘guix edit’ does what it says IMO, ev
Hi,
Ludo' asked us to send some comments on how to verify git commits. I
only had time to quickly browse the mail thread.
I would indeed suggest to use gpgv (or gpgv2, but I hope Guix has alread
moved to name gpg2 gpg) because we once wrote it for Debian. It has the
simplest semantics and thus
On Sat, Jun 04, 2016 at 13:17:53 +0200, Ludovic Courtès wrote:
> We have incomplete libgcrypt bindings:
>
> http://git.savannah.gnu.org/cgit/guix.git/tree/guix/pk-crypto.scm
>
> This is used for the authentication of substitutes:
>
> https://www.gnu.org/software/guix/manual/html_node/Substitute
On 2016-06-04(01:17:53+0200), Ludovic Courtès wrote:
> Hi!
>
> Mike Gerwitz skribis:
>
> > On Fri, Jun 03, 2016 at 18:12:47 +0200, Ludovic Courtès wrote:
> >> First, ‘git pull’ doesn’t do it for you, you have to pass ‘--verify’ and
> >> there’s no way to set it globally.
> >
> > That's unfortunate
Ander GM skribis:
> I can't create a 32 bit Guix container, once I setup the container as
> it follows:
>
> $ guix environment -N --system=i686-linx --container --ad-hoc
> gcc-toolchain@4.9.3 findutils file coreutils sdl2 nano cang yasm
> mesa mesa-headers bash -- bash
>
> $ gcc
Hi Werner,
Werner Koch skribis:
> I would indeed suggest to use gpgv (or gpgv2, but I hope Guix has alread
> moved to name gpg2 gpg)
We have a policy to respect what upstream does because in general we
cannot or shouldn’t try to guess what’s “best”, IMO. So in this case,
we keep the default na
On Sat, Jun 04, 2016 at 18:19:31 +0200, Werner Koch wrote:
> There are no issues with l10n because _all_ scripts SHOULD use gpg with
> the options --status-fd and --with-colons. That output creates a well
> defined API and we try very hard never to break it.
> [...]
> I have never looked into git
