From mboxrd@z Thu Jan  1 00:00:00 1970
From: Hartmut Goebel <h.goebel@crazy-compilers.com>
Subject: Re: server and client in one package -> security issue
Date: Tue, 14 Feb 2017 11:44:30 +0100
Message-ID: <58A2DF8E.3040902@crazy-compilers.com>
References: <20170201204312.3005-1-contact.ng0@cryptolab.net>
	<87mvdvxq9v.fsf@gnu.org> <20170209182030.ngn2dsdfbzsmymdj@wasp>
	<87efz7asit.fsf@gnu.org>
	<96fa2c02-f5da-d4f5-6074-04b29f5376fb@crazy-compilers.com>
	<20170214101651.068fb59a@scratchpost.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47153)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <h.goebel@crazy-compilers.com>) id 1cdab7-0006cw-Tk
	for guix-devel@gnu.org; Tue, 14 Feb 2017 05:44:38 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <h.goebel@crazy-compilers.com>) id 1cdab4-0004mz-T5
	for guix-devel@gnu.org; Tue, 14 Feb 2017 05:44:38 -0500
Received: from mail-out.m-online.net ([2001:a60:0:28:0:1:25:1]:48636)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <h.goebel@crazy-compilers.com>)
	id 1cdab4-0004mL-Mu
	for guix-devel@gnu.org; Tue, 14 Feb 2017 05:44:34 -0500
In-Reply-To: <20170214101651.068fb59a@scratchpost.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Danny Milosavljevic <dannym@scratchpost.org>
Cc: guix-devel@gnu.org

Am 14.02.2017 um 10:16 schrieb Danny Milosavljevic:
> I don't think Guix should do that, though.=20

I think guix should provide the tools for doing so. Guix has the big
advantage of providing trustworthy packages, but kicks itself out of the
race if hardening is so much complicated.

> IMO locking down everything for users is basically the antithesis of th=
e FSF.

The "user" is the company, the employees work on behalf of the company.
So the software freedom has to be available toe the company not to the
individual employee.

As a company I'm expecting the user to *not* install software on their
computers (not talking about developers here). Otherwise its like
allowing workers to bring their own hammer to the building site or their
own machines into the factory building. If the hammer is inappropriate
and is deforming all nails, or the machine is producing scrap, the
company the the one bear the consequences.


--=20
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |