From: Konrad Hinsen <konrad.hinsen@cnrs.fr>
To: Katherine Cox-Buday <cox.katherine.e@gmail.com>
Cc: guix-devel@gnu.org, "Ludovic Courtès" <ludovic.courtes@inria.fr>,
guix-science@gnu.org
Subject: Re: [Spam:]Re: “What’s in a package”
Date: Wed, 22 Sep 2021 20:20:27 +0200 [thread overview]
Message-ID: <m1bl4kwjys.fsf@fastmail.net> (raw)
In-Reply-To: <87r1dgy7og.fsf@gmail.com>
Katherine Cox-Buday <cox.katherine.e@gmail.com> writes:
> As we've seen these past years with COVID-19 and the world's supply
> chains, efficiency has some kind of inverse relationship with
> robustness. If you go too far down the path of efficiency, you are not
> very flexible, and you're building sand castles.
That's exactly what I have seen happening in scientific software for a
while :
https://hal.archives-ouvertes.fr/hal-02117588
> It's for this reason I appreciate having "robust" software underneath
> my sand castle. At least I know only so much can crumble :)
100 % agreement!
> I want to be careful here in what I suggest. I think it is very
> important that Guix remain a bastion of robust software with very high
> standards. I don't want to see the PyPi PyTorch packages of the world
Me neither. My suggestion was for support in Guix the tool, not Guix the
software distribution. People can/should package their sand castles in
their private channels.
> So with your example: make it really easy to transform that PyPi
> package into a terrible Guix primitive of some kind, but don't let me
> commit it to Guix proper.
I trust our maintainer team to not let this happen.
> Maybe interactive software that introspects how a package
> is written and behaves at runtime (in a container?) and utilizes the
> homoiconicity of scheme to suggest modifications of the package, or
> next steps. E.g. expand the linter to suggest things like
That sounds interesting!
> Speaking of industry, I don't think we leverage software to build software enough.
Definitely not.
> And by the way, none of those ideas would be possible if Guix weren't
> such a robust and sane ecosystem.
Exactly. We can discuss (and more) adding sloppy stuff on top of Guix,
but it wouldn't work the other way round.
"Jonathan McHugh" <indieterminacy@libre.brussels> writes:
> Your focus regarding a transition from exploratory to robust is
> important (though may have equal significance in the other
> direction?).
Not equal as I see it, but yes, it matters as well, for dragging a
stable package out int the open again for significant improvements.
> Would security experts have (understandable) criteria to prioritise
> choices for 'robust corridors' within an ecosystem of sourcefiles and
> encapsulated blobs?
I'd love to hear from security experts too!
Konrad.
next prev parent reply other threads:[~2021-09-22 18:51 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-20 12:36 “What’s in a package” Ludovic Courtès
2021-09-21 20:20 ` Katherine Cox-Buday
2021-09-22 13:32 ` [Spam:]Re: " Konrad Hinsen
2021-09-22 15:02 ` Katherine Cox-Buday
2021-09-22 18:20 ` Konrad Hinsen [this message]
2021-09-22 15:44 ` Jonathan McHugh
2021-09-22 19:44 ` zimoun
2021-09-23 7:36 ` Ludovic Courtès
2021-09-23 15:25 ` Katherine Cox-Buday
2021-09-24 9:04 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1bl4kwjys.fsf@fastmail.net \
--to=konrad.hinsen@cnrs.fr \
--cc=cox.katherine.e@gmail.com \
--cc=guix-devel@gnu.org \
--cc=guix-science@gnu.org \
--cc=ludovic.courtes@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).