Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support

[Christopher Lemmer Webber <cwebber@dustycloud.org>]

Adonay Felipe Nogueira writes:

> Em 24/09/2018 11:14, Ludovic Courtès escreveu:
>> Christopher Lemmer Webber <cwebber@dustycloud.org> skribis:
>>>    - There's also Google's recent work with Magenta/Fuschia.  From what
>>>      I've read, architecturally this looks right.  I think the reason
>>>      for worry here is the same difficulty the community has had to
>>>      build actual community and libre distributions on top of the
>>>      Android ecosystem could apply here.
>> 
>> Indeed.
>> 
>> We could also mention MINIX, which many of us are already using daily.
>> :-)
>> 
>> Putting aside Fuschia, I think the Hurd and MINIX are by far the
>> solutions that require the less work to be in a state where people with
>> “regular needs” like the rest of us to switch (MINIX is probably in that
>> state already.)
>> 
>> The Hurd already has a very advanced POSIX C library, which is not
>> negligible, especially compared to the other OSes.  Much progress has
>> been made in recent years wrt. drivers (using the Rump kernel in
>> particular.)  There are of course serious shortcomings, in particular
>> lack of 64-bit and SMP support.  But fixing these is relatively “little
>> work” in the grand scheme of things.
>> 
>> To put this in perspective, consider Linux namespaces: they have already
>> seen years of evolution, and the story of user namespaces shows that
>> it’s far from complete.
>
> I don't know if what I'll say will be off-topic here given that this
> list is about Guix development, not on general free/libre software
> activism, but please forgive me anyways.
>
> So, my worry is that if we somehow were to support Fuchsia and if it
> were to be not strong auto-upgradable copyleft with community-oriented
> enforcement, then we could actually loose the freedoms of the software
> for the end user. This thought was initially presented by Eben Moglen
> during one of his talks[1], but I just tried to bring the issue to Guix.
>
> [1]
> https://media.libreplanet.org/u/libreplanet/m/the-free-software-movement-in-the-age-of-trump/

It's a valid concern, and one that applies to seL4 which I have
advocated on this thread as well.  However, I think we've seen a big
difference in "community-run" free software projects under a lax license
(which tend to stay free and good for the users) and "corporate-run"
throw-the-code-over-the-wall projects (which tend to be less so, and
Android is a great example).

However in a sense this is why we need to push, as a community, to get
our feet into the door of a secure, ocap-powered system for users.
Because users *need* and will want that security; systems are just so
dangerously insecure.  If we don't get the community in there, we'll
leave it up to and Android-like sorry state where you've just got some
large powers and users and communities desparately trying to figure out
how to stay free underneath them, and most users not even trying or know
how they could.