From: Ricardo Wurmus <rekado@elephly.net>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: Zhu Zihao <all_but_last@163.com>,
guix-devel@gnu.org, guix-science@gnu.org
Subject: Re: “Building a Secure Software Supply Chain with GNU Guix”
Date: Mon, 18 Jul 2022 14:38:19 +0200 [thread overview]
Message-ID: <87o7xmtwu5.fsf@elephly.net> (raw)
In-Reply-To: <87lesqzjpo.fsf@gnu.org>
Ludovic Courtès <ludo@gnu.org> writes:
>> My two cents: When depolying a manifest, we use `guix package -p
>> <path-to-profile> -m <path-to-manifest>`, This command consists two
>> parts. Guix will first evaluate the packages specified in the manifest,
>> and build the profile. And then populate the profile to given
>> destination. The first part can be done in a sandboxed environment, or a
>> non-privileged account like "nobody".
>
> Sure, though at a technical level is trickier than this, and again, it
> doesn’t change the fact that you’ll end up running code provided by the
> very same developers.
It may still be worthwhile adding a few restrictions. One scenario that
caught me by suprise: deleting files in a snippet. I forgot quoting the
snippet and ended up running the deletion code on the host side – in my
working directory. Nothing bad happened and we’ve never committed any
mistake like that to the repository, but it is conceivable that
something like this gets past the review and ends up deleting files.
A safety net would prevent a small mistake like a missing quote from
having potentially large side effects.
Of course, all this is orthogonal to securing the supply chain, which is
what the paper is about.
--
Ricardo
next prev parent reply other threads:[~2022-07-18 12:44 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-30 14:13 “Building a Secure Software Supply Chain with GNU Guix” Ludovic Courtès
2022-06-30 21:37 ` bokr
2022-07-01 9:21 ` zimoun
2022-07-03 10:38 ` Bengt Richter
2022-07-04 8:21 ` zimoun
2022-07-04 14:56 ` Bengt Richter
2022-07-04 7:44 ` Ludovic Courtès
2022-07-17 7:54 ` Zhu Zihao
2022-07-18 8:45 ` Ludovic Courtès
2022-07-18 9:40 ` Zhu Zihao
2022-07-18 12:30 ` Ludovic Courtès
2022-07-18 12:38 ` Ricardo Wurmus [this message]
2022-07-19 13:53 ` Maxime Devos
2022-07-19 7:21 ` Arun Isaac
2022-07-19 12:11 ` Ludovic Courtès
2022-07-20 6:17 ` Arun Isaac
2022-07-19 13:45 ` Maxime Devos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87o7xmtwu5.fsf@elephly.net \
--to=rekado@elephly.net \
--cc=all_but_last@163.com \
--cc=guix-devel@gnu.org \
--cc=guix-science@gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).