From: zimoun <zimon.toutoune@gmail.com>
To: Konrad Hinsen <konrad.hinsen@fastmail.net>
Cc: gwl-devel@gnu.org
Subject: Re: Getting started with GWL 0.3.0
Date: Mon, 22 Mar 2021 14:51:45 +0100 [thread overview]
Message-ID: <CAJ3okZ2nC7HKZtuNm=Nz3+pmqs-OD+=GLF_u4j1FhVvB71HwQQ@mail.gmail.com> (raw)
In-Reply-To: <m1v99jl4pm.fsf@ordinateur-de-catherine--konrad.home>
Hi,
On Mon, 22 Mar 2021 at 14:04, Konrad Hinsen <konrad.hinsen@fastmail.net> wrote:
> Looks like I missed a discussion on guix-devel. My excuse is that I
> can't keep up with guix-devel any more, it's getting too much!
Do not worry! And I do not know if these days someone is actually
able to grasp all the discussions happening on guix-devel. :-)
> > This is really cool because “guix repl -- foo.scm arg1 arg2” can now be
> > really handy with “guix foo arg1 arg2”.
>
> Handy, yes. But is it a good idea from a security point of view? As a
> Guix user, I trust "guix" with all its subcommands because I know that
> all the code is carefully inspected by several competent developers. I
> don't have the same level of trust in software packaged within Guix.
What do you mean?
The user has to explicitly set GUIX_EXTENSIONS_PATH or explicitly
install a package (or a channel, as "guix home"). I do not see where
there is a security flaw, I mean it is the same vulnerability as for
"guix repl -- foo.scm" or as for "guix install foo && foo".
And if you worry, I guess you can run GWL in a container, something like;
guix environment -C --ad-hoc gwl -- guix workflow
> I'd rather see packages building on "guix" but provide their own
> top-level scripts with distinct names. And support for writing such
> packages in making it easier to access the user's default Guix profile.
Personally, I like the idea of extensions. Similarly as "git foo"
works if "git-foo" is an executable on the PATH.
I imagine couple of extensions. For instance, testing idea on UI is
hard because Guix itself is really conservative about the backward
compatibility---for a good! :-)
And we can imagine extensions as a way to test other flavours, either
before introducing a new subcommand or either as a replacement of
current subcommand.
Cheers,
simon
next prev parent reply other threads:[~2021-03-22 13:57 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-22 10:32 Getting started with GWL 0.3.0 Konrad Hinsen
2021-03-22 11:03 ` zimoun
2021-03-22 13:04 ` Konrad Hinsen
2021-03-22 13:51 ` zimoun [this message]
2021-03-22 15:07 ` Konrad Hinsen
2021-03-22 18:16 ` zimoun
2021-03-23 12:57 ` Konrad Hinsen
2021-03-23 13:16 ` Ricardo Wurmus
2021-03-23 13:24 ` Roel Janssen
2021-03-23 20:16 ` zimoun
2021-03-24 10:08 ` Konrad Hinsen
2021-03-24 10:44 ` zimoun
2021-03-23 15:51 ` Konrad Hinsen
2021-03-23 17:34 ` Ricardo Wurmus
2021-03-23 19:30 ` Roel Janssen
2021-03-23 20:14 ` Ricardo Wurmus
2021-03-23 20:30 ` Roel Janssen
2021-03-26 21:01 ` Ricardo Wurmus
2021-04-30 21:50 ` Ricardo Wurmus
2021-03-24 9:52 ` Konrad Hinsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.guixwl.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJ3okZ2nC7HKZtuNm=Nz3+pmqs-OD+=GLF_u4j1FhVvB71HwQQ@mail.gmail.com' \
--to=zimon.toutoune@gmail.com \
--cc=gwl-devel@gnu.org \
--cc=konrad.hinsen@fastmail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).