From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pjotr Prins Subject: Re: security concerns of using guix packages Date: Sat, 4 Jul 2015 16:37:09 +0200 Message-ID: <20150704143709.GB14821@thebird.nl> References: <87a8vcuhnn.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:33015) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZBOZu-0005JA-IE for guix-devel@gnu.org; Sat, 04 Jul 2015 10:38:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZBOZr-0001NJ-As for guix-devel@gnu.org; Sat, 04 Jul 2015 10:38:02 -0400 Content-Disposition: inline In-Reply-To: <87a8vcuhnn.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Ludovic =?iso-8859-1?Q?Court=E8s?= Cc: Guix-devel , "McGee, Jenny" On Sat, Jul 04, 2015 at 04:22:20PM +0200, Ludovic Court=E8s wrote: > A concern could be the time it takes for the project to deploy security > fixes. Obviously there are much fewer Guix contributors than Debian > contributors, but so far we do pretty well nevertheless (thanks to > Mark=A0H Weaver for the most part.) I would like to add here that Guix compares to Nix in many ways (not least they share the same daemon). Nix has been going much longer, it has a large community, and it is interesting to note that many Nixers are actually system administrators who choose to deploy their systems with Nix packages. It is not that that they chose to live dangerously ;). You could check their track record for security fixes. You'll find that every major fix went in quickly. Same for Guix with its short history. Pj.