From: Ludovic Courtès
Subject: Re: Profiles/manifests-related command line interface enhancements
Date: Sat, 16 Nov 2019 23:02:27 +0100
Message-ID: <87d0drscng.fsf@gnu.org>
In-Reply-To: (Konrad Hinsen's message of "Sun, 10 Nov 2019 10:36:43 +0100")
To: Konrad Hinsen
Cc: guix-devel@gnu.org

Hi Konrad,

Konrad Hinsen skribis:

> YAML is for kids. Real managers won't settle for less than full XML. ;-)
>
> Seriously, as a power user, I am perfectly happy with Guile for
> everything. I certainly don't want less. And for now, it's safe to
> assume that most Guix users are power users. The question is if we want
> Guix to remain exclusively a power tool for power users.

I’d like to think that writing Guile declarations for the OS config,
manifest, etc. is not just for “power users”. After all people, or
rather “computer-savvy” people in a broad sense, write JSON, YAML,
custom config files etc. routinely, and I don’t think the typical config
we propose is any “harder”. You may say I’m a dreamer, but I’m not the
only one. 𝅗𝅥𝅘𝅥 ;-)

> If not, we need to make sure that it won't become a malware platform,
> by making it safe to use for people who don't read Guile code. In
> particular, common use cases should not require users to download
> unrestricted Guile code from untrusted sources.

Definitely! I think we need to focus on specific scenarios though.

For example, when you add a channel to ~/.config/guix, you’ll end up
running its unrestricted Guile code as soon as ‘guix pull’ is done.
However, independently of that, you’ll most likely be installing
packages defined in that channel, and then running them unrestricted.
IOW, users of a channel have to trust it to not be malicious, regardless
of the fact that its Guile code runs unrestricted.

For manifests shared over the net, the situation may be different: a
manifest could refer to packages in the channels you trust, and thus
there’s value in not having to trust the manifest code itself.

It’s still a bit too abstract, but for the purposes of sharing and
publishing “super packages” as you wrote, we could define a
purely-declarative format (could be JSON, could be Guile code that can
run under (ice-9 sandbox) or with ‘eval/container’) that people could
use instead of unrestricted code, as is currently the case.

Thanks,
Ludo’.
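
One way to picture the (ice-9 sandbox) option mentioned in the message above, as an added example that is not part of the original message and not Guix code: the shared manifest is evaluated with only pure bindings and resource limits, and must yield a plain list of package specification strings. The procedure names `load-untrusted-specs` and `try` are hypothetical, and the sample manifests are constructed for illustration.

```scheme
;; Added illustration: plain Guile, not Guix code.  The untrusted manifest may
;; compute, but only with pure bindings, and must yield a list of strings.
(use-modules (ice-9 sandbox)
             (srfi srfi-1))

(define (load-untrusted-specs exp)
  "Evaluate EXP, an untrusted manifest expression, in a sandbox and return
the list of package specification strings it evaluates to."
  (let ((result (eval-in-sandbox exp
                                 #:time-limit 1             ;seconds
                                 #:allocation-limit #e10e6  ;bytes
                                 #:bindings all-pure-bindings)))
    ;; The result is data, never code: reject anything but a list of strings.
    (unless (and (list? result) (every string? result))
      (error "manifest must evaluate to a list of strings:" result))
    result))

(define (try label exp)
  "Print the specs EXP yields, or the reason the sandbox rejected it."
  (catch #t
    (lambda ()
      (format #t "~a: accepted ~s~%" label (load-untrusted-specs exp)))
    (lambda (key . args)
      (format #t "~a: rejected (~a)~%" label key))))

;; Constructed sample manifests, as they might arrive from the net.
(try "declarative"
     '(append '("emacs" "git")
              (map (lambda (version) (string-append "guile@" version))
                   '("3.0"))))
(try "calls out to the system"          ;'system' is not bound in the sandbox
     '(begin (system "id") '("emacs")))
(try "opens a file"                     ;neither is 'open-input-file'
     '(begin (open-input-file "/etc/passwd") '("emacs")))
(try "never terminates"                 ;stopped by #:time-limit
     '(let loop () (loop)))
(try "returns something else"           ;fails the shape check above
     '(list "emacs" 42))

;; A trusted caller would pass an accepted list to Guix's
;; 'specifications->manifest', which looks the names up among the packages
;; of the channels the user has already pulled.
```

The sandbox restricts what the manifest expression can do while it is evaluated; the packages it names still run unrestricted once installed, so trust in the channels that define them is unchanged.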