Re: A better XML, config is code (was Re: Profiles/manifests-related command line...)

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Konrad Hinsen <konrad.hinsen@fastmail.net>
To: Giovanni Biscuolo <g@xelera.eu>, guix-devel@gnu.org
Subject: Re: A better XML, config is code (was Re: Profiles/manifests-related command line...)
Date: Wed, 13 Nov 2019 16:28:58 +0100	[thread overview]
Message-ID: <m1imnnbxs5.fsf@fastmail.net> (raw)
In-Reply-To: <87lfsmpfsk.fsf@roquette.mug.biscuolo.net>

Hi Giovanni,

> The real question is: a configure file is code or data?  IMHO is code,

Code is data with execution semantics, so "code" is a subset of "data".

I'd reformulate the question as: should configuration data be
literal data, or the result of a computation? The second opton
is more general, and therefore more powerful. If that is good or bad
depends on the application. If you are writing the configuration, you
appreciate more power. If you use someone else's, you might well prefer
it not being more powerful than what you can understand.

> Mumble... but every user *is* a power user when installing and
> configuring a system, no?

"Is", no. That would assume that everybody knows their limits. Not true
in my experience with human nature.

> ...so yes, if it's not a channel under your control - or of someone you
> decide to trust - you should better not use it (and do not copy/paste
> configuration files you do not understand)

Fine with me, but then we should (1) say so somewhere in the manual and
(2) not recommend using such configuration files for performing tasks
that ought to be accessible to ordinary users.

> I recently read this "Curl to shell isn't so bad" article (thanks ARota)
> https://arp242.net/curl-to-sh.html
>
> «In the end it’s still just running code you didn’t personally audit on
> your computer, and a matter of trust.»

Exactly. It's OK for us to ask users to trust the Guix team, which they
have to do anyway if they use Guix. So configuration files provided by
Guix itself are not a problem.

But if we tell people that Guix is great for reproducing someone else's
computation, and that the best way to share a computation is publishing
a manifest file, then we are encouraging people to run code from
untrusted sources. Which leaves three options:
 1. Provide a safe way to re-create environments from untrusted
    sources.
 2. Don't recommend reproducing someone else's computation using Guix.
 3. Explain why reproducing someone else's computation is
    a risky procedure that should be reserved to power users.

Cheers,
  Konrad.

next prev parent reply	other threads:[~2019-11-13 15:29 UTC|newest]

Thread overview: 73+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-23 16:37 Profiles/manifests-related command line interface enhancements Pierre Neidhardt
2019-10-24  9:00 ` Mark H Weaver
2019-10-24  9:32   ` Pierre Neidhardt
2019-10-24 16:28     ` Pierre Neidhardt
2019-10-24 16:42     ` Danny Milosavljevic
2019-10-24 18:16       ` Pierre Neidhardt
2019-10-24 19:23         ` Mark H Weaver
2019-10-24 20:04           ` Pierre Neidhardt
2019-10-24 21:35             ` Mark H Weaver
2019-10-25  9:29               ` Pierre Neidhardt
2019-10-31 11:38                 ` Pierre Neidhardt
2019-11-03 14:18 ` Ludovic Courtès
2019-11-04 10:39   ` Pierre Neidhardt
2019-11-04 11:06     ` zimoun
2019-11-05  6:26     ` Konrad Hinsen
2019-11-05  8:35       ` Hartmut Goebel
2019-11-05  9:03         ` Konrad Hinsen
2019-11-05  9:09           ` Hartmut Goebel
2019-11-05  9:22             ` Pierre Neidhardt
2019-11-05 15:36       ` zimoun
2019-11-05 16:05         ` Konrad Hinsen
2019-11-06 12:09           ` zimoun
2019-11-07 13:07             ` Konrad Hinsen
2019-11-06 17:07           ` Ludovic Courtès
2019-11-06 22:21             ` Bengt Richter
2019-11-07 13:52             ` Konrad Hinsen
2019-11-06 16:35       ` Ludovic Courtès
2019-11-07  7:46         ` Konrad Hinsen
2019-11-07  9:04           ` Pierre Neidhardt
2019-11-07 11:14             ` Konrad Hinsen
2019-11-07 11:36               ` Pierre Neidhardt
2019-11-09 17:59               ` Ludovic Courtès
2019-11-10  9:36                 ` Konrad Hinsen
2019-11-11 15:56                   ` A better XML, config is code (was Re: Profiles/manifests-related command line...) Giovanni Biscuolo
2019-11-13 15:28                     ` Konrad Hinsen [this message]
2019-11-12  8:55                   ` Profiles/manifests-related command line interface enhancements Andy Wingo
2019-11-12 20:07                     ` Konrad Hinsen
2019-11-13 20:58                     ` Bengt Richter
2019-11-16 22:02                   ` Ludovic Courtès
2019-11-17 10:44                     ` Konrad Hinsen
2019-11-18 14:25                       ` zimoun
2019-11-19 10:24                         ` Konrad Hinsen
2019-11-23 17:10                       ` Ludovic Courtès
2019-11-25 11:06                         ` Konrad Hinsen
2019-11-26  9:51                           ` On DSLs Ludovic Courtès
2019-12-02 19:05                             ` zimoun
2019-12-02 19:11                               ` Julien Lepiller
2019-12-03 10:19                                 ` Konrad Hinsen
2019-12-03 14:12                                   ` Ricardo Wurmus
2019-12-03 15:46                                     ` zimoun
2019-12-04  6:33                                     ` Bengt Richter
2019-12-10 16:26                                 ` Ludovic Courtès
2019-12-08  8:48                               ` Konrad Hinsen
2019-12-03 10:26                             ` Konrad Hinsen
2019-12-03 12:00                               ` zimoun
2019-11-11 14:13           ` Profiles/manifests-related command line interface enhancements Hartmut Goebel
2019-11-16 22:27           ` Ludovic Courtès
2019-11-17 11:30             ` Konrad Hinsen
2019-11-18 14:40               ` zimoun
2019-12-22 19:40               ` Andreas Enge
2019-12-22 20:39                 ` Pjotr Prins
2019-11-18 14:15             ` zimoun
2019-11-26  9:36               ` Ludovic Courtès
2019-11-06 16:42     ` Ludovic Courtès
2019-11-07 12:57       ` zimoun
2019-11-17 10:35         ` Package inputs in manifests Ludovic Courtès
2019-11-17 23:11           ` Bengt Richter
2019-11-18 17:14             ` zimoun
2019-11-23 14:05             ` Ludovic Courtès
2019-11-24  5:49               ` Bengt Richter
2019-11-24  7:17                 ` Timothy Sample
2019-11-25  3:42                   ` Bengt Richter
2019-11-18 16:18           ` zimoun

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m1imnnbxs5.fsf@fastmail.net \
    --to=konrad.hinsen@fastmail.net \
    --cc=g@xelera.eu \
    --cc=guix-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.