From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:8:6d80::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id 6MRwI2OUaGANTgAAgWs5BA (envelope-from ) for ; Sat, 03 Apr 2021 18:14:27 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id uLhEHWOUaGD/SgAA1q6Kng (envelope-from ) for ; Sat, 03 Apr 2021 16:14:27 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 201A22DCDE for ; Sat, 3 Apr 2021 18:14:27 +0200 (CEST) Received: from localhost ([::1]:37722 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lSiun-0006x8-Rx for larch@yhetil.org; Sat, 03 Apr 2021 12:14:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38962) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lSiue-0006wo-Dr for guix-devel@gnu.org; Sat, 03 Apr 2021 12:14:16 -0400 Received: from mx1.dismail.de ([78.46.223.134]:4293) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lSiua-0008VM-J2 for guix-devel@gnu.org; Sat, 03 Apr 2021 12:14:16 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 36425bee; Sat, 3 Apr 2021 18:14:07 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=20190914; bh=gIXMlJGuS0bNIeBYIRR6yZIstuEfnChVcB +E3Ph0ZXM=; b=lDF6nhqvH+czLjQBsn8l8w5+fSGDlOQPa7AnA9eYIMFszS81ry w/PZY9FjeGU+0IRidyaOc1ibq44XRabZiZcq5rvRmua/v1wkUpGKP0xaYSI16ilN d6Sx/k9SumjNpXZIZYlrPlU3iwzsgzgC83Y5pDUtbBdhE5FcTe4QHJTeHYEB8fp0 JooGsls4Iu+dVjE5cXOGSw1gNfBBs16OWu/a/w/n6IBnR1d+xU4yIYPW+nF3XXIc LIoxwkBhp9kzmrwrm6I/6wF/NSITM9ZO23hu5vx/WeG6ICCaqZcj/zVFC1ukq1fV YnjxW4Q81dZHQPqeM5xPXAXbF+i9SXC2VjVw== Received: from smtp1.dismail.de ( [10.240.26.11]) by mx1.dismail.de (OpenSMTPD) with ESMTP id c62ffc07; Sat, 3 Apr 2021 18:14:07 +0200 (CEST) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id 017f32d5; Sat, 3 Apr 2021 18:14:07 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id bcd05cbd (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Sat, 3 Apr 2021 18:14:06 +0200 (CEST) From: Joshua Branson To: Christopher Baines Cc: guix-devel@gnu.org Subject: Re: Security related tooling project OFF TOPIC PRAISE References: <874kgn4plq.fsf@cbaines.net> Mail-Followup-To: Christopher Baines , guix-devel@gnu.org Date: Sat, 03 Apr 2021 12:13:53 -0400 In-Reply-To: <874kgn4plq.fsf@cbaines.net> (Christopher Baines's message of "Sat, 03 Apr 2021 11:41:37 +0100") Message-ID: <87h7knmjlq.fsf@dismail.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=78.46.223.134; envelope-from=jbranso@dismail.de; helo=mx1.dismail.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1617466467; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=6mZAMHdnPDocmfoWtI6jareGJG6H7KqCPRjneQJJjRA=; b=cIb4IhZBfgkPmG9giW1+OpgpAGPO1liuonpS+tv8GRunNAs7u7wydUPMUs0JzmAFUbdlHz q79wCkZGKLLymXJ93PRG6HHvFeDJ9HTmWXq07VRU52gEp3hzIQRkb3nvg66vF+8KPDv2xe 7oPclanyR1SdMhxjl0OR0Z62dklVdTgi04mFMsQv2fG/TRYHEZfYRO3f1FvAObQMC7VDhe lOJKdw+DDknwgUFCXwgSgGjZt4tLCX3zOpQHfUpy7khmc3+hGEhJoAG7eGqpFbLx7QEi2k Vw1h+v7DZHQFZKTMrvvBVUS0s6+MAltlZ/nPccDgLudkX4jQSBrBA9JFn5metQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1617466467; a=rsa-sha256; cv=none; b=mapmqvD9qmGMEkRob+2XzfyOowBxLWv2O77ZBqj2E3Vt47g9hReoFkHKpi7n2VwLMlkpgR exX0f7Cxj4CrKCHXlEuBujDPHDS8fNd639GMswE3XjAyR5cIiKBgvatcJmEErRuNqDBD82 42asI61i2QCllCS1u/iDD8Wuf0Jx8JSWW/Ma31hN+qsPPKsSgiaZodO55x/RZJcqsv8u7g 9jQjVH2tchKuZy4wUBY0Gen/s3pGdqhfDOmFyPlgSIc5yC+bDcRMX5oRF8Io9VbrZv6Pc6 RetpJ4ZRyHjlngLl9/a/2/+TGdvbTFP5dBOnJ/0SZU2f76fUWg/j4UCsqxOhTA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=dismail.de header.s=20190914 header.b=lDF6nhqv; dmarc=pass (policy=reject) header.from=dismail.de; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -3.13 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=dismail.de header.s=20190914 header.b=lDF6nhqv; dmarc=pass (policy=reject) header.from=dismail.de; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 201A22DCDE X-Spam-Score: -3.13 X-Migadu-Scanner: scn0.migadu.com X-TUID: aeUGOElbWGIC Christopher Baines writes: > Hey, > > In May last year (2020), I submitted an application to NLNet. The work I > set out wasn't something I was doing at the time, but something I hadn't > yet found time to work on, tooling specifically around security issues. > > The application got a bit lost, probably somewhat down to email issues > on my end. Anyway, things picked up again in February of this year > (2021), and this is now something I'm looking to do roughly over the > next 8 months. Sweet action bro! Way to land a guix related job for the next 8 months! That's awesome! > > I've been working on stuff in and around Guix for I think around 5 years > now, and in that time I have attempted some big projects, particularly > things like the Guix Data Service and Guix Build Coordinator. I've fit > all of that around a regular non-Guix related work. The support of NLNet > means I'm able to set aside more time for Guix and this work, exactly > how much more time I can dedicate is something I'm still working on. I'm looking forward to the tooling that you'll develop! I've heard cool things about the Guix Data Service and the Build Coordinator. I've no doubt that your security related tooling will be just as fantastic! > > There's a more complete description of the aims and tasks here [1], this > email is effectively the start of the work. I want to get lots of input > and feedback on the plans I've set out, as well as checking if there's > any related or overlapping work going on. > > 1: https://git.cbaines.net/guix/tooling-to-improve-security-and-trust/about/ Are you using guix system to serve the above link? I didn't realize that gitolite could render a README document so well! > > Please let me know if you have any comments or questions! > > Thanks, > > Chris It'll be interesting when people stop saying that "OpenBSD" has fixed that security issue, and instead they say guix system fixed that security flaw. :) -- Joshua Branson (joshuaBPMan in #guix) Sent from Emacs and Gnus https://gnucode.me https://video.hardlimit.com/accounts/joshua_branson/video-channels https://propernaming.org "You can have whatever you want, as long as you help enough other people get what they want." - Zig Ziglar