From: Konrad Hinsen
Subject: Re: A better XML, config is code (was Re: Profiles/manifests-related command line...)
Date: Wed, 13 Nov 2019 16:28:58 +0100
References: <87mudrxvs8.fsf@ambrevar.xyz> <87mudd59ho.fsf@gnu.org> <877e4glyc3.fsf@ambrevar.xyz> <87v9rxx8ri.fsf@gnu.org> <87d0e4oy51.fsf@ambrevar.xyz> <878sop6icq.fsf@gnu.org> <87lfsmpfsk.fsf@roquette.mug.biscuolo.net>
In-Reply-To: <87lfsmpfsk.fsf@roquette.mug.biscuolo.net>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Giovanni Biscuolo, guix-devel@gnu.org

Hi Giovanni,

> The real question is: a configure file is code or data? IMHO is code,

Code is data with execution semantics, so "code" is a subset of "data". I'd reformulate the question as: should configuration data be literal data, or the result of a computation?

The second option is more general, and therefore more powerful. Whether that is good or bad depends on the application. If you are writing the configuration, you appreciate more power. If you use someone else's, you might well prefer it not to be more powerful than what you can understand.

> Mumble... but every user *is* a power user when installing and
> configuring a system, no?

"Is", no. That would assume that everybody knows their limits. Not true in my experience with human nature.

> ...so yes, if it's not a channel under your control - or of someone you
> decide to trust - you should better not use it (and do not copy/paste
> configuration files you do not understand)

Fine with me, but then we should (1) say so somewhere in the manual and (2) not recommend using such configuration files for performing tasks that ought to be accessible to ordinary users.

> I recently read this "Curl to shell isn't so bad" article (thanks ARota)
> https://arp242.net/curl-to-sh.html
>
> «In the end it’s still just running code you didn’t personally audit on
> your computer, and a matter of trust.»

Exactly. It's OK for us to ask users to trust the Guix team, which they have to do anyway if they use Guix. So configuration files provided by Guix itself are not a problem.

But if we tell people that Guix is great for reproducing someone else's computation, and that the best way to share a computation is publishing a manifest file, then we are encouraging people to run code from untrusted sources. Which leaves three options:

1. Provide a safe way to re-create environments from untrusted sources.
2. Don't recommend reproducing someone else's computation using Guix.
3. Explain why reproducing someone else's computation is a risky procedure that should be reserved for power users.

Cheers,
  Konrad.
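Option 1 in the message above asks for a safe way to re-create an environment from a manifest you did not write. One way to get there is to accept only manifests that are pure data rather than code to be evaluated. The following is an added example, not code from this thread or from Guix: a small Python checker that reads a manifest file as s-expressions and accepts it only if it is a single `(specifications->manifest (list "spec" ...))` form whose elements are package-specification string literals; anything else, including any other symbol, is rejected. The two sample manifests are constructed for the example.

```python
import re
from collections import namedtuple
Symbol = namedtuple("Symbol", "name")   # a Scheme symbol, distinct from a string literal
TOKEN = re.compile(r'\s+|;[^\n]*|"(?:[^"\\]|\\.)*"|[()]|[^\s()";]+')
def parse_sexp(text):
    """Read strings, symbols and nested lists from Scheme source text."""
    tokens = [t for t in TOKEN.findall(text) if t.strip() and not t.startswith(";")]
    pos = 0
    def read():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of input")
        tok, pos = tokens[pos], pos + 1
        if tok == "(":
            items = []
            while pos < len(tokens) and tokens[pos] != ")":
                items.append(read())
            if pos >= len(tokens):
                raise ValueError("unbalanced parenthesis")
            pos += 1            # consume the closing ")"
            return items
        if tok == ")":
            raise ValueError("unexpected ')'")
        return tok[1:-1] if tok.startswith('"') else Symbol(tok)
    forms = []
    while pos < len(tokens):
        forms.append(read())
    return forms
# name, optional @version, optional :output, i.e. the shape of a Guix package spec
SPEC = re.compile(r"^[A-Za-z0-9+._-]+(@[A-Za-z0-9+._-]+)?(:[A-Za-z0-9-]+)?$")
def validate_manifest(text):
    """Return the specs if text is one (specifications->manifest (list ...)) form, else raise."""
    forms = parse_sexp(text)
    if len(forms) != 1:
        raise ValueError("manifest must contain exactly one top-level form")
    form = forms[0]
    if not (isinstance(form, list) and len(form) == 2
            and form[0] == Symbol("specifications->manifest")):
        raise ValueError("expected (specifications->manifest ...)")
    lst = form[1]
    if not (isinstance(lst, list) and lst and lst[0] == Symbol("list")):
        raise ValueError('expected (list "spec" ...)')
    for s in lst[1:]:   # every element must be a string literal, never a symbol or a call
        if not isinstance(s, str) or not SPEC.match(s):
            raise ValueError(f"not a package specification literal: {s!r}")
    return lst[1:]
# Constructed sample manifests, not taken from the thread.
GOOD = '(specifications->manifest (list "python" "python-numpy@1.17" "guile:debug"))'
BAD = '(begin (display "runs code") (specifications->manifest (list "python")))'
```

A tool built on this check could hand the accepted spec list to the package manager itself instead of evaluating the file, so a shared manifest becomes a list of names rather than a program.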