From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id UHiKNFdxoWAQPwAAgWs5BA (envelope-from ) for ; Sun, 16 May 2021 21:24:07 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id qMFHMFdxoWCNIQAA1q6Kng (envelope-from ) for ; Sun, 16 May 2021 19:24:07 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5CE89179BB for ; Sun, 16 May 2021 21:24:07 +0200 (CEST) Received: from localhost ([::1]:38808 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1liMMw-0007GA-Ic for larch@yhetil.org; Sun, 16 May 2021 15:24:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36532) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1liMM4-0005Yp-5W for guix-devel@gnu.org; Sun, 16 May 2021 15:23:12 -0400 Received: from mx1.riseup.net ([198.252.153.129]:39450) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1liMM2-0000mt-Dl; Sun, 16 May 2021 15:23:11 -0400 Received: from fews1.riseup.net (fews1-pn.riseup.net [10.0.1.83]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4FjscF1zWqzDsgB; Sun, 16 May 2021 12:23:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1621192989; bh=/WqLPgxDlSP5WJdCCZ6DA431Z8VFx6XM/SoJSSg/qBM=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=qG3oC6UZkmueAY7S48Kc1s1+TGFI7g1IkhkDVvvwLPKcF38IxaF/OeAqS/z4vakAL jv7N6XFDIUw5GKUxvdG5Y1Qc5VbrYc//4Xzvm10BSp1CbzAUAhCFhfQnT0/W8R+Hn+ 7BfoaEPgVUezw85Me9G1uSJ8MrSS3ftAQpCT/4vU= X-Riseup-User-ID: 68E40AF1D70E34252D1803030109F1E4D8115DDCC65388E641FD1FDD9322E6BE Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews1.riseup.net (Postfix) with ESMTPSA id 4FjscD2njfz5vbC; Sun, 16 May 2021 12:23:08 -0700 (PDT) Date: Sun, 16 May 2021 20:17:31 +0200 From: raingloom To: Ludovic =?UTF-8?B?Q291cnTDqHM=?= Subject: Re: unifying mcron and shepherd, service woes, improvements Message-ID: <20210516201731.56a80ef6@riseup.net> In-Reply-To: <87fsyohr07.fsf@gnu.org> References: <20210515003937.3dbb4bb4@riseup.net> <87fsyohr07.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=198.252.153.129; envelope-from=raingloom@riseup.net; helo=mx1.riseup.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "guix-devel@gnu.org" Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1621193047; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=g4CQOZ9wLBp9GPjhc9C8U1Hwnmnd+xl20uBaVDkQf7s=; b=cP72ov0HG88Oj95S2+mXI2Yenteauc+PYyZ+UZdbhHcEjCGZ4JyIzGpBjmUeh232pTQj2c izPSbXSCo8Hh+cjFFwbTsAt6Y0AO1aCPcYyBv5e7kxQxr5wbslgONFtwnHGwzE46wrNv/y E5UwAHOyk7H3X7p60j/tTceLi7klLQ9rwMSKuYO1+4blQqfbfy/QH+IsFilVpfm5Jodzsj rJIOXDDh82ojQmWxyIGLHzZCZg+4yjxi6SUHiOpPK/2IjWumbgvzYTNsPnXAOrKkaOja2W 8gunxPG/d8qJO8pyvDRzQUWUotjPfTXO6R+FqMKhAzg90suJsvAjs6wSVm3UQQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1621193047; a=rsa-sha256; cv=none; b=iVOILUrWbuJTTj/FRq75aQNsIi2m3TFTUixaQ6D3/IEuFIz6B3MVYm0WvRJhaLyga70fyP UVg6YlHgfMEiaaj7lxaPiYrrLQQ7wSRruSLZ6l5rv0+7AcDk9I3T+Oiaynm0jCZ/83k4MK StGlKAEXCqr0/HllBbOMOnf0Pworr+lFTBKiEScU7Jp7ztoxV733BVCI/bBT9nPxq1xF8B oMfBrWIGfMkSnWsJmPd3EaR/2HIDzfyDrkYFxfL5PUk1oKgSEUD65CBBilZtHIJvv/NbGd aLlS8+UafWWVnMvMYzQqNxRFHrOSSqU2gIorsv70dULNCVz2jWu+ixjV3a3KCg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=riseup.net header.s=squak header.b=qG3oC6UZ; dmarc=pass (policy=none) header.from=riseup.net; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -1.65 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=riseup.net header.s=squak header.b=qG3oC6UZ; dmarc=pass (policy=none) header.from=riseup.net; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 5CE89179BB X-Spam-Score: -1.65 X-Migadu-Scanner: scn0.migadu.com X-TUID: Gx6+KwW2DdVT On Sat, 15 May 2021 18:59:52 +0200 Ludovic Court=C3=A8s wrote: > > Security could also be improved probably. Can we have an OCAP model? > > I feel like I don't know enough to say, so this mail is meant more > > as a conversation starter. =20 >=20 > I think =E2=80=9Chaving an ocap model=E2=80=9D sounds nice but also vague= . :-) >=20 > A concrete step we can take is follow the principle of least authority > (POLA) for more services. That was the spirit of > . By OCAP I was thinking of things like not having global state, or at least not having it implicitly. Something more functional. The lambda calculus supports the OCAP model, and Guix is all about being functional, so service management should not be any different. Would also be nice if replacing running components was supported, a la Erlang. Maybe steal the supervisor tree idea as well.