Hi! Vagrant Cascadian <vagr...@debian.org> skribis:
> On 2020-05-24, Ludovic Courtès wrote: >> Efraim Flashner <efr...@flashner.co.il> skribis: >>> On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote: >>>> Hello Guix! >>>> >>>> I think we should change our pre-push hook as shown below. >>>> >>>> Thoughts? > ... >>> (ins)efraim@E5400 ~$ type -P make >>> (ins)efraim@E5400 ~$ command -v make >>> >>> I'd need to run 'guix environment --ad-hoc make -- git push' >> >> You’d need to run ‘git push’ from a full Guix development environment. >> Do you think it could be a problem? > > Wait a minute... you're saying this is something that needs to be > configured on each committer's machine(s)? > > Shouldn't it be on the server-side recieve hooks instead, otherwise > someone might accidentally (or intentially) push commits not > appropriately signed to the repository or validated by this check... > > Or is this an optional check for recommended for committers? Have I been > missing something all along that I was supposed to be doing? It should be a server-side check so we don’t shoot ourselves in the foot. However, it’s not done yet (but hey, the code is not even a month old :-)), so in the meantime, this hook will be very strongly recommended. Making this a server-side hook on Savannah will be challenging since “we” don’t have direct access to Savannah. That makes me wonder if we should have a push server say on berlin, and make Savannah mirror it or something. Help welcome! > For my own workflow, I usually do not (yet) sign or push commits from a > machine with guix installed... it's a bit awkward, admittedly, but I > don't yet have any SSH or OpenPGP keys I trust guix with directly > (ironically, "make authenticate" is working towards addressing exactly > that trust issue). Heh. :-) Thanks, Ludo’.