[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Concerns/questions around Software Heritage Archive
From: |
Lars-Dominik Braun |
Subject: |
Re: Concerns/questions around Software Heritage Archive |
Date: |
Sun, 17 Mar 2024 10:39:33 +0100 |
Hey,
> I have heard folks in the Guix maintenance sphere claim that we never rewrite
> git history in Guix, as a matter of policy. I believe we should revisit that
> policy (is it actually written anywhere?) with an eye towards possible
> exceptions, and develop a mechanism for securely maintaining continuity of
> Guix installations after history has been rewritten so that we maintain this
> as a technical possibility in the future, even if we should choose to use it
> sparingly.
the fallout of rewriting Guix’ git history would be devastating. It
would break every single Guix installation, because
a) `guix pull` authenticates commits and we might lose our trust anchor
if we rewrite history earlier than the introduction of this feature,
b) `guix pull` outright rejects changes to the commit history to prevent
downgrade attacks.
Additionally it would break every single existing usage of the
time machine and thereby completely defeat the goal of providing
reproducible software environments since the commit hash is used to
identify the point in time to jump to.
I doubt developing “mechanisms” – whatever they look like – would
be worth the effort. Our contributors matter, but so do our users. Never
ever rewriting our git history is a tradeoff we should make for our users.
Lars
Re: Concerns/questions around Software Heritage Archive, Ryan Prior, 2024/03/16
- Re: Concerns/questions around Software Heritage Archive,
Lars-Dominik Braun <=
- Re: Concerns/questions around Software Heritage Archive, MSavoritias, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, paul, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, MSavoritias, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, Ian Eure, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, Richard Sent, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, Tomas Volf, 2024/03/17
- Re: Concerns/questions around Software Heritage Archive, Attila Lendvai, 2024/03/17
contributor uuid (was Re: Concerns/questions around Software Heritage Archive), bae66428a8ad58eafaa98cb0ab2e512f045974ecf4bf947e32096fae574d99c6, 2024/03/20
Re: Concerns/questions around Software Heritage Archive, Ian Eure, 2024/03/17
Re: Concerns/questions around Software Heritage Archive, MSavoritias, 2024/03/17