<dfsdfssad>civodul: Note that I have to finish my current project first, which may take five days or so. But I really want to help out more since I don't want Guix to fail. It's important in general, and for GNU in particular.
<mark_weaver>civodul: regarding the digital signatures, I think it's important to design things such that the signature made by the build machine is in no way central. the system should allow the collection of signatures from anyone, much like the GPG key servers accept our signatures on other people's GPG keys to be merged into the keyring made available to others.
<civodul>yeah, that's why i suggested the authorized key thing
<mark_weaver>then, as we achieve bit-for-bit reproducability of each package, it will hopefully become common for many packages to be signed by more than one person.
<civodul>but remember that the thing i wrote about is not the preferred mechanism to exchange between users