Re: Coordinators for patch review session on Tuesday

2024-04-05 Thread Steve George
On 4 Apr, Christina O'Donnell wrote: > Hi, > > Thanks for your reply, > > > 1. Changing the tag to reviewed-looks-good > > > > It doesn't look like this worked. The way to do this is in the instructions > > are 4. 'Set a user tag' [0], probably the easiest way is to send an email > > (I do ge

Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils)

2024-04-05 Thread Giovanni Biscuolo
Hi Attila and guix-security team, Attila Lendvai writes: >> Are really "configure scripts containing hundreds of thousands of lines >> of code not present in the upstream VCS" the norm? > > pretty much for all C and C++ projects that use autoconf... which is > numerous, especially among the core

Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils)

2024-04-05 Thread Attila Lendvai
> Are there other issues (different from the "host cannot execute target > binary") that makes release tarballs indispensable for some upstream > projects? i didn't mean to say that tarballs are indispensable. i just wanted to point out that it's not as simple as going through each package defi

Re: Should we include nss-certs out of the box?

2024-04-05 Thread Jan Wielkiewicz
On Wed, 03 Apr 2024 14:06:37 -0400 Maxim Cournoyer wrote: > Hi, > > It's been Guix policy to let people choose whether to install or not > TLS root certificates and which one to their machine. While I > applaud the idea to have the users make a conscious decision about > it, in practice I suppo

Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils)

2024-04-05 Thread Jan Wielkiewicz
On Thu, 04 Apr 2024 12:34:42 +0200 Giovanni Biscuolo wrote: > Hello everybody, > > I know for sure that Guix maintainers and developers are working on > this, I'm just asking to find some time to inform and possibly discuss > with users (also in guix-devel) on what measures GNU Guix - the > soft