unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* security concerns of using guix packages
@ 2015-07-03  0:38 Cook, Malcolm
  2015-07-03  4:44 ` John Darrington
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Cook, Malcolm @ 2015-07-03  0:38 UTC (permalink / raw)
  To: Guix-devel; +Cc: McGee, Jenny

Hello Guixen (Guixers?  Guix-noscenti?)

The sys admin at my institute expresses concern that we would potentially expose ourselves to additional security risk by building scientific software stack in Guix where we might depend on alternate versions of, say, openssl.

Do you agree this is a reasonable concern, and, if so, is there a "position statement" on the matter?  

I'm guessing this is in part a matter of trust - i.e. do we trust GNU/guix gang as much as, say the Red Hat/CentOS gang.  Or am I perhaps misunderstanding the consideration?

I'd be interested in hearing any position on the matter.

Thanks for your consideration,

Malcolm Cook
Computational Biology
Stowers Institute for Medical Research

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2015-07-04 20:43 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-03  0:38 security concerns of using guix packages Cook, Malcolm
2015-07-03  4:44 ` John Darrington
2015-07-03  5:40   ` Claes Wallin (韋嘉誠)
2015-07-04 14:32     ` Ludovic Courtès
2015-07-04 13:50 ` Pjotr Prins
2015-07-04 14:22 ` Ludovic Courtès
2015-07-04 14:37   ` Pjotr Prins
2015-07-04 19:51   ` Claes Wallin (韋嘉誠)
2015-07-04 20:43     ` John Darrington

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).