Skip to content

Verify Binary change to Guix #807

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Verify Binary change to Guix #807

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 6 additions & 8 deletions _posts/en/pages/2017-01-01-download.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ permalink: /en/download/
type: pages
layout: page
lang: en
version: 5
version: 6

## These strings need to be localized. In the listing below, the
## comment above each entry contains the English text. The key before the
Expand Down Expand Up @@ -163,13 +163,11 @@ independently_reproducing: >
cryptographically sign and publish the checksums of the binaries they
generate.
verifying_and_reproducing: >
Verifying that several contributors you trust all signed the same
checksums distributed in the release checksums file will provide you
with additional assurances over the preceding basic verification
instructions. Alternatively, reproducing a binary for yourself will
provide you with the highest level of assurance currently available.
For more information, visit the project's repository of

The preceding verification instructions will verify that several
contributors you trust all signed the same checksums distributed in
the release checksums file. Alternatively, reproducing a binary for
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
the release checksums file. Alternatively, reproducing a binary for
the release checksums file. Additionally, reproducing a binary for

I think this is both an alternative and and addition?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see it as verify_contrib_sigs or (verify_contrib_sigs + reproduce_binary). Is it safe to just reproduce_binary?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, you see it as +, which is why I think Additionally is a better word than Alternatively, which can mean "or"? (I am not a native speaker)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See also the use of Additional in build_reproduction: "Additional verification with reproducible builds", presumably meaning Additional (on top of) just https verification done by the browser.

yourself will provide you with the highest level of assurance currently
available. For more information, visit the project's repository of
guix_repository: "trusted build process signatures"

key_refresh: "Refresh expired keys using:"
Expand Down