all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Bengt Richter <bokr@bokr.com>
To: "(" <paren@disroot.org>, cancontain@LionPure
Cc: 宋文武 <iyzsong@envs.net>, guix-devel@gnu.org
Subject: Re: Dissecting Guix -- blog post series
Date: Mon, 12 Dec 2022 14:46:57 +0100	[thread overview]
Message-ID: <20221212134657.GA29501@LionPure> (raw)
In-Reply-To: <COXGNV79N6V1.1BUZC5IN8ML78@guix-framework>

Hi,

On +2022-12-09 17:25:35 +0000, ( wrote:
> Heya,
> 
> On Fri Dec 9, 2022 at 9:32 AM GMT,  wrote:
> > How does a gullible noob like me know what the dangers might be, (e.g. http:)
> > and how to avoid (most of) them by finding a guix version that has been
> > gone through with a fine-tooth comb by trusted guix devs and has been
> > re-hosted at gitlab or gnu.org, etc ... for added security?
> 
> Sorry, I don't really understand; how is this relevant to derivations? :)
> 
>     -- (

Maybe I mis-imagine your assumptions about your audience.

For myself, I would like an emacs M-x idiot-mode
so I could run a boot-bricker-test.sh script someone
has posted, without worrying that in plain cli context,
it will /actually/ brick my machine :)

I am assuming if your lowlevel examples are really good,
they will be used as bases for cut/paste variants that people
will then post and implicitly prompt each other to try..

I don't trust that everything thus posted
will be both benevolent and competently avoiding security vulns.

I can't even trust my own stuff. I make too many mistakes :)

So, narrowly focusing on derivations, maybe trust is not technically
relevant, but in the larger social context gullible noobs like me
need all the help we can get about recognizing potentially dangerous
code.

And I think derivations can potentially contain or generate or activate
code one should not trust.

So that's how I see asking for trust info being relevant to derivations :)
--
Regards,
Bengt Richter



  reply	other threads:[~2022-12-12 13:48 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-08 18:24 Dissecting Guix -- blog post series (
2022-12-09  7:31 ` 宋文武
2022-12-09  7:33   ` (
2022-12-09  9:32     ` bokr
2022-12-09 17:25       ` (
2022-12-12 13:46         ` Bengt Richter [this message]
2022-12-10 21:25 ` Mekeor Melire
2022-12-11 10:08   ` (
2022-12-12  1:43     ` Mekeor Melire
2022-12-12 17:26       ` (
2022-12-12 19:31 ` [PATCH guix-artwork v2] website: posts: Add Dissecting Guix, Part 1: Derivations (
2022-12-12 20:59   ` Mekeor Melire
2022-12-12 21:06   ` Mekeor Melire
2022-12-12 21:24     ` (
2022-12-15 14:26   ` Ludovic Courtès
2022-12-12 22:53 ` [PATCH guix-artwork v3] " (
2022-12-17 22:06 ` [PATCH guix-artwork v4] " (
2023-01-04 12:00   ` Ludovic Courtès
2023-01-05 12:00     ` (
2023-01-06  1:12       ` 宋文武
2023-01-09 11:13       ` Ludovic Courtès
2023-01-10  6:59         ` (
2023-01-11 21:59           ` zimoun

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221212134657.GA29501@LionPure \
    --to=bokr@bokr.com \
    --cc=cancontain@LionPure \
    --cc=guix-devel@gnu.org \
    --cc=iyzsong@envs.net \
    --cc=paren@disroot.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.