On Thu, Feb 09, 2017 at 01:32:53PM +0000, Pjotr Prins wrote: > +Health warning: at this point 'guix pull' is considered a liability for two > reasons
For those who haven't read it before, see the bug report 'Trustable guix pull': http://bugs.gnu.org/22883 > +1. You don't know what you get even if it is considered 'latest' Recently, I added some instructions to the manual to explain how to deploy a specific version of Guix with `guix pull`: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8a9cffb202414b20081910115ba76402924bdcdd It depends on cgit, but it's better than nothing for now. > +2. Guix pull runs over http and is not considered safe Savannah will soon announce general availability of Git over HTTPS. It's usable now. I sent an RFC patch that is not yet in the guix-devel archive (so I don't have a link to share).
signature.asc
Description: PGP signature
