[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Suggest another way of importing GNU Guix GPG key
From: |
Leo Famulari |
Subject: |
Re: Suggest another way of importing GNU Guix GPG key |
Date: |
Tue, 2 Jul 2019 11:54:17 -0400 |
User-agent: |
Mutt/1.12.0 (2019-05-25) |
On Sun, Jun 30, 2019 at 11:44:04AM +0200, Giovanni Biscuolo wrote:
> This means we should quckly patch Guix manual: I've no time to propose a
> patch today, I'll work on this tomorrow
>
> We also nees to address this for **all** guix contributors: we require a
> GPG signed commit, so each and every contributor/developer should
> understand the risks of using SKS network and apply current proposed
> workarounds: can we state this in maintenance.git/HACKING?
>
> We sould act qulckly, IMHO
This is also being discussed privately with the Guix maintainers. I
expect to push an update for the manual and HACKING today.
PGP signatures in the context of `guix refresh` will become worse than
useless without either 1) changes in upstream GnuPG or 2) if the key
holders personally upload their keys to <keys.openpgp.org>. We might
need to remove the signature verification feature entirely.
signature.asc
Description: PGP signature
- Re: Suggest another way of importing GNU Guix GPG key,
Leo Famulari <=