From mboxrd@z Thu Jan 1 00:00:00 1970 From: Konrad Hinsen Subject: Re: Profiles/manifests-related command line interface enhancements Date: Sun, 17 Nov 2019 11:44:55 +0100 Message-ID: References: <87mudrxvs8.fsf@ambrevar.xyz> <87mudd59ho.fsf@gnu.org> <877e4glyc3.fsf@ambrevar.xyz> <87v9rxx8ri.fsf@gnu.org> <87d0e4oy51.fsf@ambrevar.xyz> <878sop6icq.fsf@gnu.org> <87d0drscng.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:36849) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iWI3B-00049w-DF for guix-devel@gnu.org; Sun, 17 Nov 2019 05:45:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iWI3A-0008A5-6A for guix-devel@gnu.org; Sun, 17 Nov 2019 05:45:01 -0500 In-Reply-To: <87d0drscng.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org Hi Ludo, > I=E2=80=99d like to think that writing Guile declarations for the OS conf= ig, > manifest, etc. is not just for =E2=80=9Cpower users=E2=80=9D. After all = people, or > rather =E2=80=9Ccomputer-savvy=E2=80=9D people in a broad sense, write JS= ON, YAML, > custom config files etc. routinely, and I don=E2=80=99t think the typical= config > we propose is any =E2=80=9Charder=E2=80=9D. You may say I=E2=80=99m a dr= eamer, but I=E2=80=99m not the > only one. =F0=9D=85=9E=F0=9D=85=9F ;-) The problem with powerful formal languages (read: Turing-complete) is not writing, but (1) debugging and (2) reading. 1. Writing a manifest file in Guile is no harder than writing a list in YAML or whatever. But leave out the closing quote behind a package name, and you will get an error message that will make no sense to someone unfamiliar with the *complete* Scheme syntax. For a small and simple file, you can usually spot the problem by inspection (i.e. without the error message), but for more complex files, it makes sense to use a more constrained language in order to provide better error reporting. BTW, the Racket team makes that point to argue for their rather complex macro system. It takes much longer to master than traditional Lisp or Scheme macros, but it supports writing macros with error reporting that makes sense to someone who didn't read the macro code. 2. Power users will always write code in powerful languages that exceed what less advanced users can deal with. And since power users are not necessarily benevolent, this creates a trust issue for the less advanced ones. For a long version of these arguments, see https://hal.archives-ouvertes.fr/hal-01966145/document > I think we need to focus on specific scenarios though. Definitely! > IOW, users of a channel have to trust it to not be malicious, > regardless of the fact that its Guile code runs unrestricted. Yes. That's perhaps something that the manual should point out explicitly. Also, a more specific user interface ("guix channel add URL") could show a warning. > For manifests shared over the net, the situation may be different: a > manifest could refer to packages in the channels you trust, and thus > there=E2=80=99s value in not having to trust the manifest code itself. Exactly, and that's the idea that got me into this thread. > It=E2=80=99s still a bit too abstract, but for the purposes of sharing and > publishing =E2=80=9Csuper packages=E2=80=9D as you wrote, we could define= a > purely-declarative format (could be JSON, could be Guile code that can > run under (ice-9 sandbox) or with =E2=80=98eval/container=E2=80=99) that = people could > use instead unrestricted as is currently the case. Yes, that's one way to go. BTW, I didn't know about eval/container, I'll have to look at it! Cheers, Konrad.