guix-science
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help! I messed up guix-past


From: Ludovic Courtès
Subject: Re: Help! I messed up guix-past
Date: Sat, 10 Sep 2022 12:27:54 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)

Hi,

Konrad Hinsen <konrad.hinsen@fastmail.net> skribis:

>> remove the problematic unsigned commit.  Maybe you can do it yourself,
>> push force to go back at ecfb8af08eb8aa7d7b6a4b1edcc5fb1e177fa214.
>
> As Ricardo said, force push isn't considered good behavior normally.
> But if everyone agrees that it's the best way out, I'd be happy to do
> it.

Yes, in this particular case, it is the only way forward.

>> Then ask to one of authenticated people to add your GPG key.
>
> I'd prefer not to. I'd probably start my own channel instead. Or
> maintain an unauthenticated fork of guix-past. My goal is to get GPG out
> of my life. It's a major source of pain.

I understand the feelings—OpenPGP in general but also GPG make for a
unpleasant user experience coupled with a steep learning curve, and few
reach the top of that curve (I haven’t).

That said, I think authenticating source code is important.  Starting
from a few months ago, Git supports other means to do that, but they’re
not widespread and not all that attractive.  With all its warts, OpenPGP
is what we have to do that.

It would be sad to fork the repo for this reason; maybe we can discuss
ways to make it practical for you, such as creating a single-purpose key
that you wouldn’t have to worry much about?

Thanks,
Ludo’.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]