From: Vivien Kraus <vivien@planete-kraus.eu>
To: guix-devel@gnu.org
Subject: Guix role in a free society
Date: Mon, 18 Mar 2024 18:48:27 +0100 [thread overview]
Message-ID: <86d01304cc8957a2508e1d1732421b5e0f9ceeb5.camel@planete-kraus.eu> (raw)
Hello,
Free software enables cooperation in a free society. More precisely, it
makes it easy for a user of a package to use a new version where the
personal information has been corrected. The thread in [1] questions
our handling of potential cases where a transgender contributor of Guix
or one of its packages requests to change their name. While it would be
nothing but cruel to deny such a request, I want to consider the
broader case of updating personal information in general.
If someone asks you to update your installation of a package to a new
tarball with updated personal information (or a new tag in a rewritten
history), then in a non-free society, you can only say, “Sorry, I’m not
allowed to”. In a free society, you’re allowed to, and you have tools
at your fingertips to make sure it’s harmless to you (diff with your
old version, if you are alone, or collectively check that it follows
semver, remember that it still has all the CVEs, and forget about the
old thing).
If accepting such a safe update makes a security system fire false
positives (such as, guix pull saying there’s a downgrade attack if
guix’ history has been safely rewritten), then it’s a limitation of the
security system. If it’s too much work to silence this warning for a
legitimate reason, then make an announcement about this particular
false positive and let the user proceed.
The guix users, I claim, would rather have a distribution of guix (and
the packages it provides) with accurate personal information, even if
it means to be annoyed for a moment with a security system.
Best regards,
Vivien
[1] https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00138.html
P.S. I am desensitized to eye-rolling when I talk about free
software ;)
next reply other threads:[~2024-03-18 17:46 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-18 17:48 Vivien Kraus [this message]
2024-03-18 18:16 ` Guix role in a free society Tomas Volf
2024-03-18 18:26 ` MSavoritias
2024-03-18 19:08 ` Tobias Alexandra Platen
2024-03-18 20:05 ` Richard Sent
2024-03-18 22:24 ` Ludovic Courtès
2024-03-20 17:44 ` Giovanni Biscuolo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86d01304cc8957a2508e1d1732421b5e0f9ceeb5.camel@planete-kraus.eu \
--to=vivien@planete-kraus.eu \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).