From mboxrd@z Thu Jan 1 00:00:00 1970 From: Konrad Hinsen Subject: Re: Profiles/manifests-related command line interface enhancements Date: Sun, 10 Nov 2019 10:36:43 +0100 Message-ID: References: <87mudrxvs8.fsf@ambrevar.xyz> <87mudd59ho.fsf@gnu.org> <877e4glyc3.fsf@ambrevar.xyz> <87v9rxx8ri.fsf@gnu.org> <87d0e4oy51.fsf@ambrevar.xyz> <878sop6icq.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:51463) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iTjeL-00082I-JT for guix-devel@gnu.org; Sun, 10 Nov 2019 04:36:50 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iTjeK-0000ak-By for guix-devel@gnu.org; Sun, 10 Nov 2019 04:36:49 -0500 In-Reply-To: <878sop6icq.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= , guix-devel@gnu.org Hi Ludo, > Of course, using a general-purpose language upfront also comes at a > price, as you note. But I think that what it has to offer to users > outweighs the costs, and that=E2=80=99s a lesson learned from Emacs. Jus= t to > say I=E2=80=99m not willing to replace =E2=80=98config.scm=E2=80=99 with = =E2=80=98config.yaml=E2=80=99, if > that=E2=80=99s what you had in mind. :-) YAML is for kids. Real managers won't settle for less than full XML. ;-) Seriously, as a power user, I am perfectly happy with Guile for everything. I certainly don't want less. And for now, it's safe to assume that most Guix users are power users. The question is if we want Guix to remain exclusively a power tool for power users. If not, we need to make sure that it won't become a malware platform, by making it safe to use for people who don't read Guile code. In particular, common use cases should not require users do download unrestricted Guile code from untrusted sources. Emacs is an interesting comparison in many ways, but also a much less interesting target for malware than Guix. An attack on Guix can undermine all the guarantees it provides through reproducible builds. Maybe Ken Thompson should do an update of his famous "Trusing trust" that extends the discussion of compilers to build tools in general. One direction could be to add a sandboxing feature to Guile, which would be nice-to-have for other uses as well if Guile is to become a general-purpose systems scripting language. There are some interesting ideas in shill (http://shill.seas.harvard.edu/) for this scenario. Cheers, Konrad.