Guidelines
Problem Description
Recently, among other great updates, new badges have been added to Neo Store to indicate whether a given package has been built reproducibly.
This alone is a great feature that improves user confidence regarding installed packages. I think that one missing thing is prevention of an upgrade of a reproducibly built package to a new version that hasn't been built reproducibly. This seems to occur fairly often and most of the time does not indicate a security issue but may increase user confidence that they only ever install reproducibly built packages.
Proposed Solution
A way to achieve this could be placing a check box in the settings with a label "Prevent upgrading of packages to non reproducibly-built versions".
Alternatives Considered
No response
Relevant information
No response