Hello, > I wished you would not call for abolishing this mechanism as a > tangent to the discussion of whether there are rules relating to > force pushing, especially when you choose not to acknowledge its > major benefits.
What we have here is an OS struggling with "Nobody wants to do code reviews," running on HPCs of some national institutes involved in military and security domains [1][2]. Now imagine secret services of unnamed adversarial governments slipping in subtle backdoors over time, because all you need to get an entry into .guix-authorizations is: - place some 50 reviewed commits - show some beneficial activity for 6 months What I call for is the abolition of a protection mechanism that fails to protect us, only leading us into a false sense of security. Again, it's not about who wrote the code - it's about what is in the code. Cheers, Bost [1] https://www.inria.fr/en/digital-security [2] https://inria.cl/en/ai-military-domain-inria-chile-paris-peace-forum-2025
