From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id mAjkDH+ASGHffgAAgWs5BA (envelope-from ) for ; Mon, 20 Sep 2021 14:37:19 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id IN+dCH+ASGF5cwAA1q6Kng (envelope-from ) for ; Mon, 20 Sep 2021 12:37:19 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A35CE9801 for ; Mon, 20 Sep 2021 14:37:18 +0200 (CEST) Received: from localhost ([::1]:55788 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mSIXt-0003i5-Ed for larch@yhetil.org; Mon, 20 Sep 2021 08:37:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40938) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSIXj-0003eY-Fv; Mon, 20 Sep 2021 08:37:07 -0400 Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:27074) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSIXh-0008QF-3n; Mon, 20 Sep 2021 08:37:07 -0400 IronPort-HdrOrdr: =?us-ascii?q?A9a23=3A1JVroqwKUxwAVfr9/NZuKrPwK71zdoMgy1kn?= =?us-ascii?q?xilNoNJuHvBw9vre/sjzuiWetN98YhsdcJW7VpVoIkmslqKdg7N/AV7KZmCPhI?= =?us-ascii?q?LrFuBfBODZowEIbheOkNK1op0QFJSWZuecMbEDt7ef3ODuKadE/OW6?= X-IronPort-AV: E=Sophos;i="5.84,326,1620684000"; d="scan'208";a="393469653" Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Sep 2021 14:36:59 +0200 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: guix-science@gnu.org, guix-devel@gnu.org Subject: =?utf-8?B?4oCcV2hhdOKAmXM=?= in a =?utf-8?Q?package=E2=80=9D?= X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Jour de la Raison de =?utf-8?Q?l'Ann=C3=A9e?= 229 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 20 Sep 2021 14:36:58 +0200 Message-ID: <87wnnbpgnp.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=192.134.164.104; envelope-from=ludovic.courtes@inria.fr; helo=mail3-relais-sop.national.inria.fr X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-science@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-science-bounces+larch=yhetil.org@gnu.org Sender: "Guix-Science" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1632141438; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=KHlgBGrISFdu8sIun82lEt4l9ELSvfWBwxYytbbDgVY=; b=sTdLqII5gHqf/siT5Wq69oL1Uou1JNicAXHWh8kSHHClCF4Doz658INhWkUZtoHd6v4Tbx pl+3ceFeAzIEu9RDLRVzEV4M/5PKKO8fBTXxruBXRbj8R/ZFtp3Gt3IHVFEnuBZ9gYQg6y zDyhWH0IEeL1fL21EEoRWz58GQ52ZZaDHj1qR1sMjhdZjE0l7071EPQusdaJwWLVFQHPND CyXD5daiy7X4ht//wOYVy1PD5xv/YLdqKyPNAWDFS6v1x8lTzb36RG8mqC5xehW5OXQw8q XiJWiXYAbU8CoqBrOEn1YaAyqqNgcNs+rTXJjWq1SJc+BmBLkgmmuhpfvO+YKw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1632141438; a=rsa-sha256; cv=none; b=ZxwMXFKQWuLyC+XFcdN32YYWeQhpDJST5gwVot0CyA3PAp3gIE24pZYoqylzsmQQ7T6Io1 5vx8KdXKRzF/BpMPxxe58fCnT/z9EEwl+Ta5CnyCAW15iiNDhwIpHeyihZrtxYmxzz9gfE GFAsdQGUhVUQa4fQXSLWN89lHXTUmxjYGRv4gErbbFJIxjoK9vPi9vsAzfude2ttmkol+Z RimYkInooOGZ1huz+xvbfeyDVKDbjS6D/pqEJOw2Ga0eJSHBQ+nEkzw1AYFfHyVmhV0lxB neemyu5pc4DnUpW4F+sg+OjGtcOwSKZW0oeie+7bWNmbog6v8UQBVAXjuejjLA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of guix-science-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-science-bounces@gnu.org X-Migadu-Spam-Score: -2.39 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-science-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-science-bounces@gnu.org X-Migadu-Queue-Id: A35CE9801 X-Spam-Score: -2.39 X-Migadu-Scanner: scn0.migadu.com X-TUID: amh8l9VdaMqn Hello Guix! I and others are often disappointed (or angry!) when looking at the weaknesses of the most popular software deployment tools. I felt that acutely after packaging PyTorch last month and felt the need to look more closely at what others are doing and to document our motivation, having put so much sweat in all these packages: https://hpc.guix.info/blog/2021/09/whats-in-a-package/ It=E2=80=99s probably no news to people here, but the packaging approach ha= s a direct impact on verifiability, and thus on security and transparency, as expected from a scientific process. The idea is to explain all that looking at the contents of packages, in particular for pip and CONDA. Feel free to share with non-Guix people and to comment! Ludo=E2=80=99.