Hello! Le samedi 16 mars 2024 à 17:50 +0000, Christopher Baines a écrit : > This is probably worth thinking about as Guix is in a similar > situation > regarding publishing source code, and people potentially wanting to > change historical source code both in things Guix packages and Guix > itself.
I see two problems: 1. providing packages; 2. developing Guix itself. I am sure that 1. is not a real problem, we could just ask the developer to release a new version incrementing the patch number, upgrade it on our side, and forget the old version. Garbage collection would ultimately get rid of the old tarballs. 2. is more difficult, because Guix contributors sometimes change their names too, and a commit reading “update my name” is not the best solution. If I understand correctly, rewriting the history would be understood as a “downgrade attack”, contrary to the ftfy case where the developer could rewrite the history without such consequences. Is my understanding correct?