From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 6H1mOCExl2Mg9wAAbAwnHQ (envelope-from ) for ; Mon, 12 Dec 2022 14:48:18 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id 4CtsNyExl2NHHwEAG6o9tA (envelope-from ) for ; Mon, 12 Dec 2022 14:48:17 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id AB94B105C8 for ; Mon, 12 Dec 2022 14:48:17 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1p4j9P-00025d-79; Mon, 12 Dec 2022 08:47:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p4j9N-00024K-QX for guix-devel@gnu.org; Mon, 12 Dec 2022 08:47:21 -0500 Received: from mailout.easymail.ca ([64.68.200.34]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p4j9L-0001ay-AQ for guix-devel@gnu.org; Mon, 12 Dec 2022 08:47:21 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 8F5FDE7649; Mon, 12 Dec 2022 13:47:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bokr.com; s=easymail; t=1670852833; bh=8c51/p8nJuCFXruM5EE6HBxIl+ZE5Jks4mThVnkofFw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=DjokiSMnnnMY2yuiBwjqt/o0oVZkya1NhWsdt4yCGXyu4TCCvJDCjexmDyZEtluPc eIai1eF9r+nYvPZ7YEJsXYGuuHv/8TjxU6/D4TFPniVE5wqrWOxWU/uj3v7oiCNMAc WaVEeYVKz3Ju/FOYNmXOcYNPKvJskgUoQjQRoHqr6A+zVow+CgCyIMEOGTzHlhz1PJ EiL0apafAAC+0f74oiPWCci8Bq41XmLTeFLyhJ2ysHljK+aYdtV5dT8JCH2IXR+Gop xSC3EAp9l59aB8M//1JNM12uxQS1LWhKb4Feg6JWo8CrvKSdQjoVi6T2TdVZznYU+3 ZBxDlTzzYIIkw== X-Virus-Scanned: Debian amavisd-new at emo08-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo08-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9MNEkaxmc5NU; Mon, 12 Dec 2022 13:47:12 +0000 (UTC) Received: from localhost (m90-129-209-124.cust.tele2.se [90.129.209.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 5A760E764D; Mon, 12 Dec 2022 13:47:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bokr.com; s=easymail; t=1670852832; bh=8c51/p8nJuCFXruM5EE6HBxIl+ZE5Jks4mThVnkofFw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=EOwL03FZ3I8r5iDiZP2jkj1dA6y3zN/iAqfYarZNN6IT+AzdDdAOR/73qaIrDFdKd VnkSxcbAfJXQ3bgKy8jBAeiR8m7RVg1WJ8YaQKGm9sfRGFHFiDPke9KjnguZKmOzRL FeeA7Sm2MSa04s+H+RWjPgMKhq7H4RKF1QauHYJr/3jyEQ+LUOYPpK4VuI+uR29wxM ABV1w7lIjkS8L66nTiRr6Z8FUpVFX1LbJys63c+MmkUM+mOv4u6iQmvaRcaGDWrwWH K507/2ye5wgZN4J+c9egjNAYiBPnCghAsAirkvn1Qa85+Fiec3n3dxDybJ0gxMPtNf psACK3QrCI/gQ== Date: Mon, 12 Dec 2022 14:46:57 +0100 From: Bengt Richter To: "(" , cancontain@LionPure Cc: =?utf-8?B?5a6L5paH5q2m?= , guix-devel@gnu.org Subject: Re: Dissecting Guix -- blog post series Message-ID: <20221212134657.GA29501@LionPure> References: <87v8ml823k.fsf@envs.net> <20221209093250.GA5724@LionPure> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Received-SPF: pass client-ip=64.68.200.34; envelope-from=bokr@bokr.com; helo=mailout.easymail.ca X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1670852897; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=TKjUZZTkNPntCrc6HMe6B5aZ/u4+poqO1ypuJqpiV+A=; b=WzuD33OF9sBUQvEe6et1vZNvE/fCFVze9arUA2dMxOZ6SmcZOC4O8KA8Qfj+Avf37zVNhS WIkDnxSmWcP/Zc38uLBb/BPRot8YK8kRy/HhW+LN0Nwp/B9sssK3QIR5UYcFjK7qqsXs7U a3qJGjQqwfUck0qoi7KXExZWn47+RuWHWk7bI22UQDjmbBBFN0ImzasLGFu/lqXvhsTFco 5fLDLCwL5ifP9R5Sv1ZiYjbNIDkg0xde5H4hzB0XBt33pVH+cUMpBzy8VRc9UwujIyOEDa DpmG6N6A+tkUcQRTqlF/OoSrJfFSozXcwMrC79kb2yn1zbkIqtk2slRHmLp8nw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=bokr.com header.s=easymail header.b=DjokiSMn; dkim=fail ("headers rsa verify failed") header.d=bokr.com header.s=easymail header.b=EOwL03FZ; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1670852897; a=rsa-sha256; cv=none; b=vCnI8MO7mqODUgmi64tDzSFQvN4BCEjHEoBVxlKex0zivoSwoR6NGxzE5pyDsZUVqzWgXZ t091wmxd/ivOsJSz2oue6SmYp8a1SFuNJicNjyAqeJ2wKjUcPXOSqV5GvDxtguFwb17ye/ BysNXQdKY69iRP1nRkebpNCx2jcGo1aR3wNGTemV68MhIWeDQ4qGY3bobxYdVFbsKkn/nb x8rrsr+nZDpjjIBbeZYSaOt7AOaWQlMfI6FkzxdNxli0+rP8GMs6wo/jGiT9tSUV/2ZyRv T9B4EYZEitC5TYPnAoXidnVaYKmyExCU0/V9frsa1FApJ3aCP279ck7qZt1rDg== X-Migadu-Spam-Score: -1.46 X-Spam-Score: -1.46 X-Migadu-Queue-Id: AB94B105C8 X-Migadu-Scanner: scn1.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=bokr.com header.s=easymail header.b=DjokiSMn; dkim=fail ("headers rsa verify failed") header.d=bokr.com header.s=easymail header.b=EOwL03FZ; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none X-TUID: GN5Kl0eNuhpJ Hi, On +2022-12-09 17:25:35 +0000, ( wrote: > Heya, > > On Fri Dec 9, 2022 at 9:32 AM GMT, wrote: > > How does a gullible noob like me know what the dangers might be, (e.g. http:) > > and how to avoid (most of) them by finding a guix version that has been > > gone through with a fine-tooth comb by trusted guix devs and has been > > re-hosted at gitlab or gnu.org, etc ... for added security? > > Sorry, I don't really understand; how is this relevant to derivations? :) > > -- ( Maybe I mis-imagine your assumptions about your audience. For myself, I would like an emacs M-x idiot-mode so I could run a boot-bricker-test.sh script someone has posted, without worrying that in plain cli context, it will /actually/ brick my machine :) I am assuming if your lowlevel examples are really good, they will be used as bases for cut/paste variants that people will then post and implicitly prompt each other to try.. I don't trust that everything thus posted will be both benevolent and competently avoiding security vulns. I can't even trust my own stuff. I make too many mistakes :) So, narrowly focusing on derivations, maybe trust is not technically relevant, but in the larger social context gullible noobs like me need all the help we can get about recognizing potentially dangerous code. And I think derivations can potentially contain or generate or activate code one should not trust. So that's how I see asking for trust info being relevant to derivations :) -- Regards, Bengt Richter