Marcel van der Boom <[email protected]> writes: > Not 100% sure, but I think this applies to my situation: > > "Pay attention to merges in particular: merge commits are considered authentic > if and only if they are signed by a key present in the .guix-authorizations > file > of both branches." > > > My local (channel) repo is just the guix sources with some patches, which > obviously will lead to merge commits on almost every pull. > > Is this analysis correct? > > If so, how do I change this? My goal is to have a local copy to put patches > in. This works easier in some cases rather than having a manifest.
Yes, the analysis is correct and no, currently it is not possible to have an authenticated Guix fork that periodically merges from Guix proper. You *can* get there by patching some files. ¯\_(ツ)_/¯ You can read more in this[0] message from September of 2023. Tomas 0: https://lists.gnu.org/archive/html/help-guix/2023-09/msg00078.html -- There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors.
signature.asc
Description: PGP signature
