unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: "Tomáš Čech" <sleep_walker@gnu.org>
To: guix-devel@gnu.org
Subject: Re: A registry for distributed sources and binaries
Date: Mon, 25 Jul 2016 09:18:49 +0200	[thread overview]
Message-ID: <20160725071849.kx355nuzhdddvzlr@venom> (raw)
In-Reply-To: <87wpka7p0g.fsf@elephly.net>

[-- Attachment #1: Type: text/plain, Size: 905 bytes --]

On Sun, Jul 24, 2016 at 10:35:43PM +0200, Ricardo Wurmus wrote:
>What do you think about that?  Does this align with your vision?
>
>What do others think?  Is this something that would benefit the Guix
>project and its audience?

I like the idea a lot.

I'm only concerned with security of such thing. When the number of
other package sources will grow, it should be ensured that some
package definition will not touch core/library without user
consent. If they will take packages from random sources (as they are
careful when downloading applications for windows from various sources
or reading licenses), it may easily become security threat to whole
system.

I'd be glad if we can stop using GUIX_PACKAGE_PATH environment
variable (which is a bit clumsy) and have support for multiple source,
with priorities (for cases of collisions) and maybe in future support
for some digital signatures.

\o/

S_W

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

  parent reply	other threads:[~2016-07-25  7:18 UTC|newest]

Thread overview: 87+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-21  1:39 (unknown) Unknown, Pjotr Prins
2016-07-21  1:42 ` [PATCH] gnu: Add elixir Pjotr Prins
2016-07-21 11:43   ` Ben Woodcroft
2016-07-21 12:00     ` Pjotr Prins
2016-07-22  5:26     ` Leo Famulari
2016-07-22 12:55       ` Ludovic Courtès
2016-07-22 14:12         ` Leo Famulari
2016-07-21 12:51 ` none Ludovic Courtès
2016-07-22  0:41   ` none Pjotr Prins
2016-07-22  2:06     ` none Pjotr Prins
2016-07-22  3:25       ` none Jookia
2016-07-22  3:48       ` none Leo Famulari
2016-07-22  4:48       ` none Tobias Geerinckx-Rice
2016-07-22 11:07         ` none Pjotr Prins
2016-07-22 12:23           ` none Ricardo Wurmus
2016-07-22 12:50             ` none Jookia
2016-07-22 21:19               ` none Leo Famulari
2016-07-24  4:17                 ` none Jookia
2016-07-24  6:35                   ` none Leo Famulari
2016-07-24  7:47                     ` none Jookia
2016-07-24 16:52               ` none Christopher Allan Webber
2016-07-24 17:03                 ` none Andreas Enge
2016-07-22  8:15     ` none Roel Janssen
2016-07-22 14:07       ` none Leo Famulari
2016-07-22 14:15         ` none Vincent Legoll
2016-07-22 16:13       ` none Ludovic Courtès
2016-07-22 16:38         ` none myglc2
2016-07-23  7:03           ` none Tomáš Čech
2016-07-22 16:02     ` Review process Ludovic Courtès
2016-07-23  2:24       ` Pjotr Prins
2016-07-23  9:05         ` Alex Kost
2016-07-23  9:51           ` Mathieu Lirzin
2016-07-24  8:02             ` Alex Kost
2016-07-24 10:38               ` Mathieu Lirzin
2016-07-24 14:09               ` Ludovic Courtès
2016-07-24  3:30       ` A registry for distributed sources and binaries Pjotr Prins
2016-07-24  5:10         ` Tobias Geerinckx-Rice
2016-07-24  5:16           ` Pjotr Prins
2016-07-24  5:24         ` Pjotr Prins
2016-07-24  5:29         ` Mark H Weaver
2016-07-24  5:48           ` Jookia
2016-07-24  6:37             ` Tobias Geerinckx-Rice
2016-07-24  7:49               ` Jookia
2016-07-24 20:02             ` Ricardo Wurmus
2016-07-24  6:28           ` Tobias Geerinckx-Rice
2016-07-24  7:02             ` Pjotr Prins
2016-07-24  7:29           ` Leo Famulari
2016-07-24  7:41             ` Pjotr Prins
2016-07-24  9:50           ` Mathieu Lirzin
2016-07-24 22:46           ` Ludovic Courtès
2016-07-24 13:58         ` Andreas Enge
2016-07-24 15:21           ` Jookia
2016-07-24 15:58             ` Andreas Enge
2016-07-24 17:18             ` replying to a message of a mailing list you were not subscribed to Danny Milosavljevic
2016-07-24 17:25               ` Danny Milosavljevic
2016-07-25  5:38                 ` Ricardo Wurmus
2016-07-25  7:34                   ` icecat "mailto" handler does not work - and cannot be reconfigured by user Danny Milosavljevic
2020-10-13 13:23                     ` bug#24066: " Maxim Cournoyer
2016-07-24 18:50             ` A registry for distributed sources and binaries John Darrington
2016-07-25  9:14             ` Replying to bug reports Ludovic Courtès
2016-07-25  8:25           ` A registry for distributed sources and binaries Andy Wingo
2016-07-25 22:00             ` Reviewer assignment Ludovic Courtès
2016-07-24 20:35         ` A registry for distributed sources and binaries Ricardo Wurmus
2016-07-25  2:10           ` Pjotr Prins
2016-07-25  3:42             ` Tobias Geerinckx-Rice
2016-07-25  4:57               ` Pjotr Prins
2016-07-25  7:18           ` Tomáš Čech [this message]
2016-07-25  9:21           ` Ludovic Courtès
2016-07-26  3:40             ` Pjotr Prins
2016-07-26  3:45               ` Pjotr Prins
2016-07-25  6:13 ` [PATCH] Add Elixir (was: ) Ricardo Wurmus
2016-07-25  6:31   ` Pjotr Prins
2016-07-28  7:27     ` Ricardo Wurmus
2016-07-28  8:30       ` Vincent Legoll
2016-07-28 10:35       ` Pjotr Prins
2016-07-28 20:35         ` Ricardo Wurmus
2016-07-29  2:38           ` Pjotr Prins
2016-07-29  6:32             ` Vincent Legoll
2016-08-02  8:56             ` Ricardo Wurmus
2016-08-02 14:30               ` Pjotr Prins
2016-08-02  8:44     ` [PATCH] Add Elixir Ricardo Wurmus
2016-08-02 14:29       ` Pjotr Prins
2016-08-02 17:26       ` Ludovic Courtès
2016-08-02 21:25         ` Ricardo Wurmus
2016-08-03  4:41           ` Pjotr Prins
2016-08-09 11:18           ` Pjotr Prins
2016-08-09 11:58             ` Alex Sassmannshausen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160725071849.kx355nuzhdddvzlr@venom \
    --to=sleep_walker@gnu.org \
    --cc=guix-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).