From mboxrd@z Thu Jan 1 00:00:00 1970 From: Maxim Cournoyer Subject: Re: server and client in one package -> security issue Date: Mon, 24 Apr 2017 16:01:14 +0900 Message-ID: <87h91ep9vp.fsf@gmail.com> References: <20170201204312.3005-1-contact.ng0@cryptolab.net> <87mvdvxq9v.fsf@gnu.org> <20170209182030.ngn2dsdfbzsmymdj@wasp> <87efz7asit.fsf@gnu.org> <96fa2c02-f5da-d4f5-6074-04b29f5376fb@crazy-compilers.com> <20170214101651.068fb59a@scratchpost.org> <58A2DF8E.3040902@crazy-compilers.com> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:48496) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d2Xzv-0006nb-Hx for guix-devel@gnu.org; Mon, 24 Apr 2017 03:01:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d2Xzp-00078w-Ku for guix-devel@gnu.org; Mon, 24 Apr 2017 03:01:23 -0400 Received: from mail-it0-x242.google.com ([2607:f8b0:4001:c0b::242]:34097) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1d2Xzp-00078r-Ew for guix-devel@gnu.org; Mon, 24 Apr 2017 03:01:17 -0400 Received: by mail-it0-x242.google.com with SMTP id c26so6509639itd.1 for ; Mon, 24 Apr 2017 00:01:17 -0700 (PDT) In-Reply-To: <58A2DF8E.3040902@crazy-compilers.com> (Hartmut Goebel's message of "Tue, 14 Feb 2017 11:44:30 +0100") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Hartmut Goebel Cc: guix-devel@gnu.org Apologies for digging up a 2 months old message, but I felt compelled to :) Hartmut Goebel writes: > Am 14.02.2017 um 10:16 schrieb Danny Milosavljevic: >> I don't think Guix should do that, though. > > I think guix should provide the tools for doing so. Guix has the big > advantage of providing trustworthy packages, but kicks itself out of the > race if hardening is so much complicated. > >> IMO locking down everything for users is basically the antithesis of the FSF. > > The "user" is the company, the employees work on behalf of the company. > So the software freedom has to be available toe the company not to the > individual employee. > >From what I've read and understand, freedom is for any and all individuals running the software. The employees of your company also deserve freedom. Freedom doesn't necessarily goes against good security. I believe Guix and Hurd are steps in the right direction in achieving freedom of users in a shared/corporate environment. > As a company I'm expecting the user to *not* install software on their > computers (not talking about developers here). Otherwise its like > allowing workers to bring their own hammer to the building site or their > own machines into the factory building. If the hammer is inappropriate > and is deforming all nails, or the machine is producing scrap, the > company the the one bear the consequences. I believe one of GNU's goal is to bridge (remove the gap between) developers and users. The system should empower the users to experiment/study/learn/share the software if they want to and removing barriers to the tools. My 2 cents, Maxim