From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp2 ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms0.migadu.com with LMTPS
	id SDiNMyg2W2F7tgAAgWs5BA
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 04 Oct 2021 19:13:12 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2 with LMTPS
	id CAcrLyg2W2HOfAAAB5/wlQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 04 Oct 2021 17:13:12 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 8444F35798
	for <larch@yhetil.org>; Mon,  4 Oct 2021 19:13:12 +0200 (CEST)
Received: from localhost ([::1]:47862 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	id 1mXRWZ-000286-BT
	for larch@yhetil.org; Mon, 04 Oct 2021 13:13:11 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:37396)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mXRWQ-000252-Vf
 for guix-patches@gnu.org; Mon, 04 Oct 2021 13:13:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:54957)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mXRWQ-0002Gp-Mo
 for guix-patches@gnu.org; Mon, 04 Oct 2021 13:13:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1mXRWQ-0003qq-Go
 for guix-patches@gnu.org; Mon, 04 Oct 2021 13:13:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#50960] [PATCH 00/10] Add 'guix shell' to subsume 'guix
 environment'
Resent-From: Maxime Devos <maximedevos@telenet.be>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 04 Oct 2021 17:13:02 +0000
Resent-Message-ID: <handler.50960.B50960.163336757514778@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 50960
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>,
 Vagrant Cascadian <vagrant@debian.org>
Cc: 50960@debbugs.gnu.org
Received: via spool by 50960-submit@debbugs.gnu.org id=B50960.163336757514778
 (code B ref 50960); Mon, 04 Oct 2021 17:13:02 +0000
Received: (at 50960) by debbugs.gnu.org; 4 Oct 2021 17:12:55 +0000
Received: from localhost ([127.0.0.1]:38266 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1mXRWI-0003qI-Mu
 for submit@debbugs.gnu.org; Mon, 04 Oct 2021 13:12:54 -0400
Received: from albert.telenet-ops.be ([195.130.137.90]:59150)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@telenet.be>) id 1mXRWE-0003q6-OS
 for 50960@debbugs.gnu.org; Mon, 04 Oct 2021 13:12:53 -0400
Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d])
 by albert.telenet-ops.be with bizsmtp
 id 1tCp260010mfAB406tCpME; Mon, 04 Oct 2021 19:12:49 +0200
Message-ID: <9fedb2b3797673ad7f6f0cbd5731cbc632b1b587.camel@telenet.be>
From: Maxime Devos <maximedevos@telenet.be>
Date: Mon, 04 Oct 2021 19:12:40 +0200
In-Reply-To: <874k9xrxxj.fsf@gnu.org>
References: <20211002102116.27726-1-ludo@gnu.org> <871r53htdv.fsf@yucca>
 <874k9xrxxj.fsf@gnu.org>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-zCAtNyzDBKrYR8y/3aag"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21;
 t=1633367569; bh=GdzeVpgUB/Fu46EhAOnBL4yrH0DxAK0l0A+qFuSDij0=;
 h=Subject:From:To:Cc:Date:In-Reply-To:References;
 b=nwXfPdVs8OdkYMjE5NmnQ4Dto9NvZIhnKZgqlWeVHLXfJFaaZr4iGtNM9j/tPn7sW
 jkFUfaa6H5gmQfJmJo9AK05fxe/l7YRWLKPlnIJuMsWX4uAr4qKD6Cjwatzxz+sSI+
 J5rL1OznM6BWlQ1EhOpxS4bdqPLLtjxrrj/OQvoVYtEUXhbi8mHIsHijkH3vV/ZKeG
 wNw3HpCeEGAGaS3Md7HjSNvCPqSPCttboJD4cuw0AAK7BRKa7j31xKOK1MBfR2cvyB
 btRwUNH3e6r0Flqp3aYsbjUOPQvwhylMoh85pMu9/YVcVjaeINf9GyCYSDGPBm0ze3
 Ts50ImbeIjp8g==
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1633367592;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post:
	 dkim-signature; bh=GdzeVpgUB/Fu46EhAOnBL4yrH0DxAK0l0A+qFuSDij0=;
	b=JHShvgNSFNBtPaT2xeRTnMYj1S/TU5BAmHgokAVZH78pgdvoMZva3jQ9COkrxkqIvpGTkE
	r+1EWcOkPiW+Gr7D0+DduDSKuBYavAAcWVFC4dRLRBsJWm/6p01tYDK3tV4OkPV9jY56VT
	dHWZE2C+PaU66RSRCdHDJTqFN47Qf3G/G6daFUttBP3ak6lnqP9jVPbgt51NvvfeKVfcac
	dDODzIo4fE6iB0sU1kr9wRJUrsGHtODnR6zO5cEMKY75Evp3yLtF12CUNmK8/hzQjIoSQG
	IyluFngGfuhIAv31jOvPYDs0JyrHfy11CGcDWQm0OfbIGcYXh0ru9i2ZUkdA7Q==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1633367592; a=rsa-sha256; cv=none;
	b=ZCOUP/qAb37AgopusQUTMBTYQVAowUGE0/4Evd5/+D50coKp5t9BMmdA+ooGGgt3bWfL31
	3y3BVd+zWDLLqjkMlG2ODkJJzKtDJsdaL4GIh5jlr4vRwZCiJy6CxLUbEVWz6vYD20o81R
	0G4YFwTSdcDAH5A+xDzjpqN/5kkOP6xoWdYqUal/50vT+jHFWHiq9fgNxqrNLvO41H2UJ0
	sDC5Uja7JwqXpZlNEiuvkan3sgldkxK2zciUzU/5Qj6TlS4vKy/XaEFx+vg+AE+2QHopo4
	WB6BuKqoK5z+D523XLXr1eamUV4nf3Ro5kDscKRg4T5pzntceGMiXNkiPkV7vg==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r21 header.b=nwXfPdVs;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none);
	spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org
X-Migadu-Spam-Score: -3.41
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r21 header.b=nwXfPdVs;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none);
	spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org
X-Migadu-Queue-Id: 8444F35798
X-Spam-Score: -3.41
X-Migadu-Scanner: scn0.migadu.com
X-TUID: tquYSxElgVl6


--=-zCAtNyzDBKrYR8y/3aag
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Ludovic Court=C3=A8s schreef op ma 04-10-2021 om 10:34 [+0200]:
> Hello!
>=20
> Vagrant Cascadian <vagrant@debian.org> skribis:
>=20
> > On 2021-10-02, Ludovic Court=C3=A8s wrote:
>=20
> [...]
>=20
> > >   2. =E2=80=98guix shell=E2=80=99, without arguments, loads =E2=80=98=
guix.scm=E2=80=99 or =E2=80=98manifest.scm=E2=80=99
> > >      from the current directory or one of its ancestors.
> >=20
> > This sounds a little scary to me, just implicitly importing whatever
> > happens to be lying around doesn't sound very guixy...
>=20
> Right, it would be the first command that does that.
>=20
> I became quite convinced that conventions and, thus, implicit arguments
> can occasionally improve usability.  We use tools that operate this way
> daily: =E2=80=98make=E2=80=99, =E2=80=98git=E2=80=99, etc.  Dave nicely a=
rgued about it:

'git' doesn't run binaries in the repository, unless configured otherwise
(in .git/config I think).  =E2=80=98make=E2=80=99 and =E2=80=98bundle=E2=80=
=99 are verbs and are for building
source code, which needs to be checked for backdoors anyway, so those progr=
ams
implicitely reading code from the current directory seems acceptable.

"guix sh" seems to be useful outside software development.
E.g. I sometimes do
"guix environment --pure --ad-hoc minetest various-minetest-mods-... -- min=
etest",
which would become
"guix shell --pure minetest various-minetest-mods-... -- minetest".
I could very easily accidentally press the enter key after typing "shell"
(I write from personal experience), and this could easily happen from withi=
n,
say, a ~/Downloads directory with an untrusted guix.scm (e.g. downloaded fr=
om
some rando's site to look at later).

Conventions are nice, but loading arbitrary code from the current directory
by default is an exploit waiting to happen.  This situation seem like inclu=
ding "."
in PATH by default to me.

Greetings,
Maxime

--=-zCAtNyzDBKrYR8y/3aag
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYVs2CBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7ju2APwMhHDa5IZLEuzUpci5cznfcmvr
qvJYcqAZ1o9bTBTsvQEA+mwVlhVJkbqa2R/eEqAvAesOY3jR1LQlh2w5IDUQOg8=
=L6bZ
-----END PGP SIGNATURE-----

--=-zCAtNyzDBKrYR8y/3aag--