unofficial mirror of gwl-devel@gnu.org
 help / color / mirror / Atom feed
From: zimoun <zimon.toutoune@gmail.com>
To: Konrad Hinsen <konrad.hinsen@fastmail.net>
Cc: gwl-devel@gnu.org
Subject: Re: Getting started with GWL 0.3.0
Date: Mon, 22 Mar 2021 14:51:45 +0100	[thread overview]
Message-ID: <CAJ3okZ2nC7HKZtuNm=Nz3+pmqs-OD+=GLF_u4j1FhVvB71HwQQ@mail.gmail.com> (raw)
In-Reply-To: <m1v99jl4pm.fsf@ordinateur-de-catherine--konrad.home>

Hi,

On Mon, 22 Mar 2021 at 14:04, Konrad Hinsen <konrad.hinsen@fastmail.net> wrote:

> Looks like I missed a discussion on guix-devel. My excuse is that I
> can't keep up with guix-devel any more, it's getting too much!

Do not worry!  And I do not know if these days someone is actually
able to grasp all the discussions happening on guix-devel. :-)

> > This is really cool because “guix repl -- foo.scm arg1 arg2” can now be
> > really handy with “guix foo arg1 arg2”.
>
> Handy, yes. But is it a good idea from a security point of view? As a
> Guix user, I trust "guix" with all its subcommands because I know that
> all the code is carefully inspected by several competent developers.  I
> don't have the same level of trust in software packaged within Guix.

What do you mean?

The user has to explicitly set GUIX_EXTENSIONS_PATH or explicitly
install a package (or a channel, as "guix home").  I do not see where
there is a security flaw, I mean it is the same vulnerability as for
"guix repl -- foo.scm" or as for "guix install foo && foo".

And if you worry, I guess you can run GWL in a container, something like;

  guix environment -C --ad-hoc gwl -- guix workflow


> I'd rather see packages building on "guix" but provide their own
> top-level scripts with distinct names. And support for writing such
> packages in making it easier to access the user's default Guix profile.

Personally, I like the idea of extensions.  Similarly as "git foo"
works if "git-foo" is an executable on the PATH.

I imagine couple of extensions.  For instance, testing idea on UI is
hard because Guix itself is really conservative about the backward
compatibility---for a good! :-)
And we can imagine extensions as a way to test other flavours, either
before introducing a new subcommand or either as a replacement of
current subcommand.


Cheers,
simon


  reply	other threads:[~2021-03-22 13:57 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-22 10:32 Getting started with GWL 0.3.0 Konrad Hinsen
2021-03-22 11:03 ` zimoun
2021-03-22 13:04   ` Konrad Hinsen
2021-03-22 13:51     ` zimoun [this message]
2021-03-22 15:07       ` Konrad Hinsen
2021-03-22 18:16         ` zimoun
2021-03-23 12:57           ` Konrad Hinsen
2021-03-23 13:16             ` Ricardo Wurmus
2021-03-23 13:24               ` Roel Janssen
2021-03-23 20:16             ` zimoun
2021-03-24 10:08               ` Konrad Hinsen
2021-03-24 10:44                 ` zimoun
2021-03-23 15:51 ` Konrad Hinsen
2021-03-23 17:34   ` Ricardo Wurmus
2021-03-23 19:30     ` Roel Janssen
2021-03-23 20:14       ` Ricardo Wurmus
2021-03-23 20:30         ` Roel Janssen
2021-03-26 21:01           ` Ricardo Wurmus
2021-04-30 21:50       ` Ricardo Wurmus
2021-03-24  9:52     ` Konrad Hinsen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.guixwl.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJ3okZ2nC7HKZtuNm=Nz3+pmqs-OD+=GLF_u4j1FhVvB71HwQQ@mail.gmail.com' \
    --to=zimon.toutoune@gmail.com \
    --cc=gwl-devel@gnu.org \
    --cc=konrad.hinsen@fastmail.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).