From: MSavoritias <email@msavoritias.me>
To: Dale Mellor <guix-devel-0brg6a@rdmp.org>
Cc: Ekaitz Zarraga <ekaitz@elenq.tech>,
Andreas Enge <andreas@enge.fr>,
guix-devel@gnu.org
Subject: Re: Next Steps For the Software Heritage Problem
Date: Fri, 21 Jun 2024 12:19:41 +0300
Message-ID: <20240621121941.78a6db15@fannys.me>
In-Reply-To: <8c9da9051b126ed3ef25905bd0ec166c7c54818d.camel@rdmp.org>

On Fri, 21 Jun 2024 09:41:10 +0100
Dale Mellor <guix-devel-0brg6a@rdmp.org> wrote:
> On Thu, 2024-06-20 at 22:59 +0200, Ekaitz Zarraga wrote:
> > Hi,
> >
> > On 2024-06-20 22:54, Andreas Enge wrote:
> > > Am Thu, Jun 20, 2024 at 07:42:44PM +0100 schrieb Dale Mellor:
> > > > I'm sure guix lint tried to push my code out to them the last time I
> > > > tried.
> > >
> > > Ah indeed, there is this in guix/lint.scm:
> > >
> > > So it does not push code, but a URL from which the code can be downloaded.
> > > Thus it requires the code to be available from the Internet; local code
> > > is "safe" from SWH.
>
> But this is still leaking information.
>
> > > Now I do not know what will happen if you save your code as a git
> > > repository at a hidden URL. For instance, does SWH check the license?
> > > I would hope so.
>
> Hope is not really good enough, there needs to be certainty in this.
>
> >
> > For this specific case we could add some flag to the command line like
> > `--do-not-archive` or something like that.
>
> `-x archival` does it, but it is too easy to forget and once the cat is out
> of the bag privacy is lost. I really think this should be default behaviour, or
> at least there should be a flag in the package definition. I would still be
> uncomfortable with the last option, as everyone would be relying on the
> collective of Guix maintainers to not screw up and accidentally leak private
> data.
>
> Dale

Yeah very much agree this should be the default behavior. Archiving should be opt-in to avoid any surprises for the person running it.
I am surprised it became default actually.

MSavoritias