From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Hinsen <konrad.hinsen@fastmail.net>
Subject: Re: Profiles/manifests-related command line interface enhancements
Date: Sun, 10 Nov 2019 10:36:43 +0100
Message-ID: <m18sooyswk.fsf@ordinateur-de-catherine--konrad.home>
References: <87mudrxvs8.fsf@ambrevar.xyz> <87mudd59ho.fsf@gnu.org>
 <877e4glyc3.fsf@ambrevar.xyz> <m18souet41.fsf@khs-macbook.home>
 <87v9rxx8ri.fsf@gnu.org>
 <m11ruk1640.fsf@ordinateur-de-catherine--konrad.home>
 <87d0e4oy51.fsf@ambrevar.xyz>
 <m1v9rwym48.fsf@ordinateur-de-catherine--konrad.home>
 <878sop6icq.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:51463)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <konrad.hinsen@fastmail.net>) id 1iTjeL-00082I-JT
 for guix-devel@gnu.org; Sun, 10 Nov 2019 04:36:50 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <konrad.hinsen@fastmail.net>) id 1iTjeK-0000ak-By
 for guix-devel@gnu.org; Sun, 10 Nov 2019 04:36:49 -0500
In-Reply-To: <878sop6icq.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>, guix-devel@gnu.org

Hi Ludo,

> Of course, using a general-purpose language upfront also comes at a
> price, as you note.  But I think that what it has to offer to users
> outweighs the costs, and that=E2=80=99s a lesson learned from Emacs.  Jus=
t to
> say I=E2=80=99m not willing to replace =E2=80=98config.scm=E2=80=99 with =
=E2=80=98config.yaml=E2=80=99, if
> that=E2=80=99s what you had in mind.  :-)

YAML is for kids. Real managers won't settle for less than full XML. ;-)

Seriously, as a power user, I am perfectly happy with Guile for
everything. I certainly don't want less. And for now, it's safe to
assume that most Guix users are power users. The question is if we want
Guix to remain exclusively a power tool for power users. If not, we need
to make sure that it won't become a malware platform, by making it safe
to use for people who don't read Guile code. In particular, common use
cases should not require users do download unrestricted Guile code from
untrusted sources.

Emacs is an interesting comparison in many ways, but also a much less
interesting target for malware than Guix. An attack on Guix can
undermine all the guarantees it provides through reproducible builds.
Maybe Ken Thompson should do an update of his famous "Trusing trust"
that extends the discussion of compilers to build tools in general.

One direction could be to add a sandboxing feature to Guile, which would
be nice-to-have for other uses as well if Guile is to become a
general-purpose systems scripting language. There are some interesting
ideas in shill (http://shill.seas.harvard.edu/) for this scenario.

Cheers,
  Konrad.