unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: ng0@n0.is
To: guix-devel@gnu.org
Subject: Re: [RFC] A simple draft for channels
Date: Wed, 24 Jan 2018 12:33:03 +0000	[thread overview]
Message-ID: <87607rzbb4.fsf@abyayala.i-did-not-set--mail-host-address--so-tickle-me> (raw)
In-Reply-To: <86po5zx12t.fsf@gmail.com> (myglc2@gmail.com's message of "Wed, 24 Jan 2018 00:44:42 -0500")

myglc2@gmail.com:
> On 01/23/2018 at 16:50 ng0@n0.is writes:
>
>> myglc2 writes:
>>> On 01/19/2018 at 14:41 Ludovic Courtès writes:
>>>
>>>> Hi!
>>>>
>>>> Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de> skribis:
>>>>
>>>>> As a first implementation of channels I’d just like to have a channel
>>>>> description file that records at least the following things:
>> […]
>>>> One thing that’s still an open question is how we should treat Guix
>>>> itself in that channelized world.
>>>>
>>>> Should Guix be a “normal” channel?  It’s tempting to think of it as a
>>>> regular channel; however, it’s definitely “special” in that it can
>>>> update the ‘guix’ command, maybe guix-daemon & co., locale data, etc.
>>>> How does that affect ‘guix channel’?
>>>
>>> ISTM this design allows channels to inject non-free &/or non-safe
>>> components into other user's Guix systems. Is that true?
>>>
>>> If so, how will it impact the Guix promise of software freedom/safety?
>>>
>>> WDYT? - George
>>
>> Just commenting on this one for now until I got my mail fixed:
>>
>> Why is this a problem? Already today you can run Guix with as many
>> modifications as you like to, and you are free to install whatever you
>> want.  That's one of the very good aspects of Guix - you can use it to
>> create whatever you like.  Or maybe you need to expand a bit on the
>> sentences you wrote George.
>
> Yes, and this is important to the current user base. But in the future
> the majority of our users will be end-users that do not directly use FSF
> freedoms & Guix hackability. Still, they will choose Guix because this
> freedom and hackability provides indirect benefits such as enhanced
> security and safety.
>
> Yes, FSF freedom means we must permit any user to shoot themselves in
> the foot. But with GUIX_PACKAGE_PATH, this is not a worry.
>
> Channels dramatically increases the ease with which an end-user can harm
> themselves by e.g. using a channel that delivers non-free &/or non-safe
> software. This raises the question: are we obliged to, and if so, how do
> we help end-users protect themselves from this risk?

In my honest opinion: No. We can not prevent this. All we can do
is to provide a list of *official* channels. Beyond that I don't
think we should try to regulate what's in an unofficial channel
and what's allowed.
It would be waste of time better spent in other parts of the
project.

-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

  reply	other threads:[~2018-01-24 12:33 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-19  8:24 [RFC] A simple draft for channels Ricardo Wurmus
2018-01-19  8:55 ` Jelle Licht
2018-01-19 11:30 ` Pjotr Prins
2018-01-19 13:41 ` Ludovic Courtès
2018-01-19 13:56   ` Pjotr Prins
2018-01-23  6:38     ` Ricardo Wurmus
2018-01-23  8:54       ` Pjotr Prins
2018-01-23 23:01         ` Carlo Zancanaro
2018-01-23 16:03   ` myglc2
2018-01-23 16:50     ` ng0
2018-01-24  5:44       ` myglc2
2018-01-24 12:33         ` ng0 [this message]
2018-01-24 15:04           ` Konrad Hinsen
2018-01-23 20:39     ` Ricardo Wurmus
2018-01-23 20:37   ` Ricardo Wurmus
2018-01-24 12:01     ` Pjotr Prins
2018-01-20  5:45 ` 宋文武
2018-01-24 14:08   ` Ludovic Courtès
2018-01-24 17:55     ` myglc2
2018-01-24 18:20       ` Ricardo Wurmus
2018-01-26 17:23         ` myglc2
2018-01-26 18:53           ` Oleg Pykhalov
2018-03-19 12:46         ` ng0
2018-01-27 12:10 ` Chris Marusich
2018-03-19 12:04   ` [Orchestration][RFC] " Pjotr Prins
2018-03-19 12:36     ` ng0
2018-03-19 18:21     ` myglc2
2018-03-19 18:31       ` Pjotr Prins
2018-03-19 20:18         ` myglc2
2018-03-19 20:29           ` Pjotr Prins
2018-03-20  7:02     ` Pjotr Prins
2018-03-20 10:41       ` Ricardo Wurmus
2018-03-20 13:10         ` Pjotr Prins
2018-03-20 13:41           ` Ricardo Wurmus

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87607rzbb4.fsf@abyayala.i-did-not-set--mail-host-address--so-tickle-me \
    --to=ng0@n0.is \
    --cc=guix-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).