From: myglc2@gmail.com
Subject: Re: [RFC] A simple draft for channels
Date: Wed, 24 Jan 2018 00:44:42 -0500
To: ng0@n0.is
Cc: guix-devel@gnu.org

On 01/23/2018 at 16:50 ng0@n0.is writes:

> myglc2 writes:
>> On 01/19/2018 at 14:41 Ludovic Courtès writes:
>>
>>> Hi!
>>>
>>> Ricardo Wurmus writes:
>>>
>>>> As a first implementation of channels I’d just like to have a channel
>>>> description file that records at least the following things:
> […]
>>> One thing that’s still an open question is how we should treat Guix
>>> itself in that channelized world.
>>>
>>> Should Guix be a “normal” channel? It’s tempting to think of it as a
>>> regular channel; however, it’s definitely “special” in that it can
>>> update the ‘guix’ command, maybe guix-daemon & co., locale data, etc.
>>> How does that affect ‘guix channel’?
>>
>> ISTM this design allows channels to inject non-free &/or non-safe
>> components into other user's Guix systems. Is that true?
>>
>> If so, how will it impact the Guix promise of software freedom/safety?
>>
>> WDYT? - George
>
> Just commenting on this one for now until I got my mail fixed:
>
> Why is this a problem? Already today you can run Guix with as many
> modifications as you like to, and you are free to install whatever you
> want. That's one of the very good aspects of Guix - you can use it to
> create whatever you like. Or maybe you need to expand a bit on the
> sentences you wrote George.

Yes, and this is important to the current user base. But in the future
the majority of our users will be end-users that do not directly use FSF
freedoms & Guix hackability. Still, they will choose Guix because this
freedom and hackability provides indirect benefits such as enhanced
security and safety.

Yes, FSF freedom means we must permit any user to shoot themselves in
the foot. But with GUIX_PACKAGE_PATH, this is not a worry. Channels
dramatically increases the ease with which an end-user can harm
themselves by e.g. using a channel that delivers non-free &/or non-safe
software.

This raises the question: are we obliged to, and if so, how do we help
end-users protect themselves from this risk?