From mboxrd@z Thu Jan  1 00:00:00 1970
From: Giovanni Biscuolo <g@xelera.eu>
Subject: A better XML,
 config is code (was Re: Profiles/manifests-related command line...)
Date: Mon, 11 Nov 2019 16:56:59 +0100
Message-ID: <87lfsmpfsk.fsf@roquette.mug.biscuolo.net>
References: <87mudrxvs8.fsf@ambrevar.xyz> <87mudd59ho.fsf@gnu.org>
 <877e4glyc3.fsf@ambrevar.xyz> <m18souet41.fsf@khs-macbook.home>
 <87v9rxx8ri.fsf@gnu.org>
 <m11ruk1640.fsf@ordinateur-de-catherine--konrad.home>
 <87d0e4oy51.fsf@ambrevar.xyz>
 <m1v9rwym48.fsf@ordinateur-de-catherine--konrad.home>
 <878sop6icq.fsf@gnu.org>
 <m18sooyswk.fsf@ordinateur-de-catherine--konrad.home>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:38071)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <g@xelera.eu>) id 1iUC4F-0002ae-8P
 for guix-devel@gnu.org; Mon, 11 Nov 2019 10:57:28 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <g@xelera.eu>) id 1iUC4D-0008Md-Bp
 for guix-devel@gnu.org; Mon, 11 Nov 2019 10:57:26 -0500
Received: from ns13.heimat.it ([46.4.214.66]:43402)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <g@xelera.eu>)
 id 1iUC4D-0008LN-2N
 for guix-devel@gnu.org; Mon, 11 Nov 2019 10:57:25 -0500
In-Reply-To: <m18sooyswk.fsf@ordinateur-de-catherine--konrad.home>
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Konrad Hinsen <konrad.hinsen@fastmail.net>, guix-devel@gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello Konrad,

this thread is slowly going OT from the initial subject, anyway I found
an interesting comment from you I would like to reply

Konrad Hinsen <konrad.hinsen@fastmail.net> writes:

> Hi Ludo,

[...]

>> Just to say I=E2=80=99m not willing to replace =E2=80=98config.scm=E2=80=
=99 with
>> =E2=80=98config.yaml=E2=80=99, if that=E2=80=99s what you had in mind.  =
:-)
>
> YAML is for kids. Real managers won't settle for less than full
> XML. ;-)

When I started studying Guix/Scheme (and I'm still far away from
understanding) I stubled on an article advocating Lisp to XML-minded
people like I was: http:/www.defmacro.org/ramblings/lisp.html

The point is: config.scm is better than config.xml that is better than
config.yaml that is better than config.json :-D

The real question is: a configure file is code or data?  IMHO is code,
especially when it comes to system configuration; for this reason every
user learn to *code* in some way or another (even when using a GUI to
configure software)

Systems are complex, we should avoid complicating them (think any
configuration management system you like :-O ) *and* we should also
avoid oversimplifying them [1]; this also means users must know what they
are doing

[...]

> The question is if we want Guix to remain exclusively a power tool for
> power users.

Mumble... but every user *is* a power user when installing and
configuring a system, no? The "only" difference is what tools *and*
binary distribution (or binary building) system we decide to trust when
installing and configuring our system, and our decision should be
informed

...so yes, if it's not a channel under your control - or of someone you
decide to trust - you should better not use it (and do not copy/paste
configuration files you do not understand)

I recently read this "Curl to shell isn't so bad" article (thanks ARota)
https://arp242.net/curl-to-sh.html

=C2=ABIn the end it=E2=80=99s still just running code you didn=E2=80=99t pe=
rsonally audit on
your computer, and a matter of trust.=C2=BB

Guix is the best candidate to build a software ecosystem which we can
trust (and we already have), starting from "almost zero" binary depends
via GNU Mes and stage0; and we can always /challenge/ any substitute
server :-)

This obviously does not solve the "trust in source code" problem [2],
but this is another story

[...]


Thanks! Gio'


[1] Docker "containers" are easier from an "end user" POV than
installing and configuring via a "classic" package manager... but have
you ever tried to understand what's installed in a 7 layer filesystems
container?!? So what is *seems* simple is often _complicated_ :-O=20

[2] and that was also *not* the scope of the famous Trusting Trust speech

=2D-=20
Giovanni Biscuolo

Xelera IT Infrastructures

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERcxjuFJYydVfNLI5030Op87MORIFAl3JhMwACgkQ030Op87M
ORLQPRAAxlbLBoUX82l7nGuETJKoaLMXeRX1CM+V05hHGMhfQ/gT9t/Guf3NeNaA
kR0ZnAOToa0xUbRxPN63zoKtdBgxKy06CgckPtPiKsIBXxuRp823JbHwhMmxBNxr
Xc/mmWm19BhHOwTK48hynaBYxKNhgXjj6Hfgt5xd7ZLsW4dGHbrywe57Gsk7KcBM
nfXbB1GLVH3tpeTIsQz63L1hkSHHp/jTVh5QbN4ysbXO+LcwtrqFWjERZ10mpWO1
Qlklz2XNf3zYe68mRtRYdQj8yzTRpoWUKJg+qvM2Bah+BJFIB5T7JEd46mn0I714
gS5FNCEzxcUkUS1ncoVyy9IniIPDyC5eEYaXNV4FShaSRdvyAeIEAFC9Z+K2ngMW
Leq05QFxntZLASJ4KxLv5U7KMN72y9G9xc2ThEIS/6xY1eX3IaT+EkYBIASmml6c
lQ0BIg/J82l/z2mRBwKqgCgCFg6BizSKAmne32SrTXd2zvNernmuZcLJ3EHAzDuh
wVuOY4s688DANLwT0stMsZW28v0KZry3kuAhbUY8i1CxQpNsZZalFs534rkjhi9w
vG+7uY/MjIOMdVaGho7ofJ+inxyKagT2VaXjBXqRYszClwAenkEnetVIeT9WqR6Y
o2b9FlJhqU5Z/+pRg2LlGdcax0GxYzpzZThqbV4y0wr17oH+J8A=
=lPlO
-----END PGP SIGNATURE-----
--=-=-=--