GNU bug report logs - #25975
Use HTTPS in `guix pull`

Previous Next

Full log

View this message in rfc822 format

From: ludo <at> gnu.org (Ludovic Courtès)
To: Leo Famulari <leo <at> famulari.name>
Cc: Marius Bakke <mbakke <at> fastmail.com>, 25975 <at> debbugs.gnu.org
Subject: bug#25975: Use HTTPS in `guix pull`
Date: Fri, 10 Mar 2017 11:33:41 +0100

Leo Famulari <leo <at> famulari.name> skribis:

> On Thu, Mar 09, 2017 at 05:11:44PM +0100, Ludovic Courtès wrote:
>> Or we could just as well ship the LE certificate instead of having a
>> package that downloads it etc.?
>
> I thought about this a bit yesterday. Only three certificate files are
> needed for the Let's Encrypt certificate store: the root certificate,
> the active intermediate, and the backup intermediate.*
>
> We know where they can be downloaded from, and we know their SHA256
> hash, so we could download them directly instead of using a package.
>
> We could also bundle them with Guix, as you suggest.
>
> What does everyone think?

Maybe a trivial-build-system package to download these 3 files and put
them in a directory would do.

Thoughts?

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.