On Sun, Mar 05, 2017 at 03:59:16PM +0100, Marius Bakke wrote:
> Note that this uses 'nss-certs' for easy testing, but is intended to use
> 'le-certs' from this thread:
> 
> https://lists.gnu.org/archive/html/guix-devel/2017-02/msg01146.html

I am ready to prepare the le-certs package, but I am waiting for one
more Guix project member to reproduce the repository, as requested in
the message linked above. We should not use a custom certificate store
that has not been inspected by several people.

> From 6667ea5a2ec3a26dd5c4fb5f792485eeb941a969 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Wed, 1 Mar 2017 22:11:02 +0100
> Subject: [PATCH] pull: Default to HTTPS.
> 
> * guix/scripts/pull.scm (%snapshot-url): Use HTTPS.
> (guix-pull): Add GNUTLS and NSS-CERTS to inputs when appropriate.

It works for me! Like I said before, I'm hoping a stronger Schemer than
me will review it.

And we should think about how it might fail and try to work-around those
issues before anybody hits them in practice.