Leo Famulari writes: > On Sun, Mar 05, 2017 at 03:59:16PM +0100, Marius Bakke wrote: >> Note that this uses 'nss-certs' for easy testing, but is intended to use >> 'le-certs' from this thread: >> >> https://lists.gnu.org/archive/html/guix-devel/2017-02/msg01146.html > > I am ready to prepare the le-certs package, but I am waiting for one > more Guix project member to reproduce the repository, as requested in > the message linked above. We should not use a custom certificate store > that has not been inspected by several people. > Reproduce the repository using GIT_SSL_CAINFO="/tmp/le-certs/le-certs.pem" git clone --depth=1 https://git.savannah.gnu.org/git/guix.git? If so, I just did successfully. If not, how can I help? >> From 6667ea5a2ec3a26dd5c4fb5f792485eeb941a969 Mon Sep 17 00:00:00 2001 >> From: Marius Bakke >> Date: Wed, 1 Mar 2017 22:11:02 +0100 >> Subject: [PATCH] pull: Default to HTTPS. >> >> * guix/scripts/pull.scm (%snapshot-url): Use HTTPS. >> (guix-pull): Add GNUTLS and NSS-CERTS to inputs when appropriate. > > It works for me! Like I said before, I'm hoping a stronger Schemer than > me will review it. > > And we should think about how it might fail and try to work-around those > issues before anybody hits them in practice.