From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id EJQAOGaiWGCyeAAA0tVLHw (envelope-from ) for ; Mon, 22 Mar 2021 13:57:58 +0000 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id GJbSM2aiWGDlSwAAB5/wlQ (envelope-from ) for ; Mon, 22 Mar 2021 13:57:58 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 63CE21A5CD for ; Mon, 22 Mar 2021 14:57:58 +0100 (CET) Received: from localhost ([::1]:47044 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lOL48-0008Ra-VL for larch@yhetil.org; Mon, 22 Mar 2021 09:57:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59206) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lOKyO-0001gx-5U for gwl-devel@gnu.org; Mon, 22 Mar 2021 09:52:00 -0400 Received: from mail-qv1-xf36.google.com ([2607:f8b0:4864:20::f36]:37553) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lOKyM-0007Cj-4T for gwl-devel@gnu.org; Mon, 22 Mar 2021 09:51:59 -0400 Received: by mail-qv1-xf36.google.com with SMTP id dc12so7729526qvb.4 for ; Mon, 22 Mar 2021 06:51:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=k6hNaWO5mf3wugzbZdDKfe/yne/HcD5e37KACqogOCM=; b=qOMrgSL6N3m82iEZz0puZhXSvwjOPfLGLmgZy2IjoqQbioz+XLWH2TEeLnFUuJLpJf +v23thVoErKsxoiXlg5idwOBk93Zz3atdI9ourckM5DZwbu2p6iLzWjCNa72K8fTJRbz 0vNrzZ3Ccq7x5zVYDtgJednFYedUS8jLbqVeFJ/UcR3Zkp80oMOwAeupgD1JQ1Z1ygvo 21PCOhv+LX05itJgF9yGKxA9+PseL3YZxJd/RhOyhXO8x+rR3Nkeo6L2I+ggY6/eMI0e oJ73/x6c5sm/MZgn8MEr/ZOSiPPjG2aZD0h4loYiCCu0AEj622oLEAMdJpNwNQBVSuHc vvGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=k6hNaWO5mf3wugzbZdDKfe/yne/HcD5e37KACqogOCM=; b=hZZ+h6pHBK/2G4sr272zD1HUeoTR4yP7B9SROUwihVYFt3bdjgGVTTvjkcuKk3Pwfq icBGAHgBRbI0ls3xcmxmrcYd3ArPS8d/U4ac3rCfzNiEkZEiqklFzD1WaiPvCbdNyj9w V1/62ap3f7USjPWEaQG5LGRrpzujvjTUsbWIcQPC8vKHAPQEI9jnlakeHzN1rcG8oSFD 34696Evv2tT55oRZCvfAwp3HaPISqN33lU8mZIyu3sQYYZOjRHvAtLJLYeOidmNhfLw7 x76l4lfk/tYjphsa37rDUqdLOhXdC/BaRR/dH3CZsBa8czuAOZixeK/Oi/8AADQPdjBa EFDw== X-Gm-Message-State: AOAM532shkHZRoKz/v2betSA/2tPmJXfM0mNT7QCe8KZ5N9HdcZZ+3iH vHFFGcQOaJP7oeeflCus8kcHUSHgzKFekzkMQUhNilhm X-Google-Smtp-Source: ABdhPJxIQczJXUeHFaqyHSn8KAaKXlshcLflQOHVj4GvmYhI9B/qIqxJLCWHQDOLyQborPrcKoB6hdXJoZQ+naTr5yY= X-Received: by 2002:a0c:bf12:: with SMTP id m18mr21352922qvi.40.1616421116986; Mon, 22 Mar 2021 06:51:56 -0700 (PDT) MIME-Version: 1.0 References: <86y2efzc08.fsf@gmail.com> In-Reply-To: From: zimoun Date: Mon, 22 Mar 2021 14:51:45 +0100 Message-ID: Subject: Re: Getting started with GWL 0.3.0 To: Konrad Hinsen Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=2607:f8b0:4864:20::f36; envelope-from=zimon.toutoune@gmail.com; helo=mail-qv1-xf36.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: gwl-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: gwl-devel@gnu.org Errors-To: gwl-devel-bounces+larch=yhetil.org@gnu.org Sender: "gwl-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1616421478; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=k6hNaWO5mf3wugzbZdDKfe/yne/HcD5e37KACqogOCM=; b=k0slvOwEQSw5U+UgDOA+P+cLBN9W/ScJfzUqJOMVvSrvKS9EVUYAK2eB7wB0gatvHRldl6 /0D/qVpJeYYMZo+WKpi8fw2fNhK/6DQCHGJHd69rtHH4zAI9J3eSy99hLA4N6G47blLbpW gEg74Puqq99dbMqxcYlRAmuaW6De09By2nmPoXQvJG984KG/7jaSGkMT0U33F+Msy4vcLq Md+DvRCZb0GoW/jMxdDR5zGtmIRRtLpFCRQDLQ4yrZa01ac/8Cu8xNwqk0eodXophfGB+V /L7O+IHi4RnP7z+XXtSuseMiUhAJyC4lg+C0gmS56W1tteMyEUeGPaDp4sB7cQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616421478; a=rsa-sha256; cv=none; b=L7k2HCltHqjTBrkeTAB83rbQxPT7oJD1j0TLUUvYHWQLpzy/fWzhPfFqbCENaYX0G2Pf6V W2T5ojLso54bau+cjNLvAsW7vYYxq+PZRprn/LKc/wapML2obhCT2Y77pT4y4XF99KAafU Q5BH3XAdqt45Sx08Gpr6Kuq0JoyRR5SN1PEu8RZjljlLJgWHvOfhWrt9aVbOFGKeXJUSES NIo8UHryoIrxWewkp3ysyEslDOe5B6ZS19Dibm0EOjf/XPgbpNuek3OSfYy4fOVsmOhYTw ugHeH3Wr+hMSr+d3tulOlzUK1aYw7y4+ATB44CBTwSjZVZBK4DPdC7Ux171oeQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20161025 header.b=qOMrgSL6; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of gwl-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=gwl-devel-bounces@gnu.org X-Migadu-Spam-Score: -3.12 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20161025 header.b=qOMrgSL6; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of gwl-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=gwl-devel-bounces@gnu.org X-Migadu-Queue-Id: 63CE21A5CD X-Spam-Score: -3.12 X-Migadu-Scanner: scn0.migadu.com X-TUID: /SISLYKUBgOe Hi, On Mon, 22 Mar 2021 at 14:04, Konrad Hinsen wr= ote: > Looks like I missed a discussion on guix-devel. My excuse is that I > can't keep up with guix-devel any more, it's getting too much! Do not worry! And I do not know if these days someone is actually able to grasp all the discussions happening on guix-devel. :-) > > This is really cool because =E2=80=9Cguix repl -- foo.scm arg1 arg2=E2= =80=9D can now be > > really handy with =E2=80=9Cguix foo arg1 arg2=E2=80=9D. > > Handy, yes. But is it a good idea from a security point of view? As a > Guix user, I trust "guix" with all its subcommands because I know that > all the code is carefully inspected by several competent developers. I > don't have the same level of trust in software packaged within Guix. What do you mean? The user has to explicitly set GUIX_EXTENSIONS_PATH or explicitly install a package (or a channel, as "guix home"). I do not see where there is a security flaw, I mean it is the same vulnerability as for "guix repl -- foo.scm" or as for "guix install foo && foo". And if you worry, I guess you can run GWL in a container, something like; guix environment -C --ad-hoc gwl -- guix workflow > I'd rather see packages building on "guix" but provide their own > top-level scripts with distinct names. And support for writing such > packages in making it easier to access the user's default Guix profile. Personally, I like the idea of extensions. Similarly as "git foo" works if "git-foo" is an executable on the PATH. I imagine couple of extensions. For instance, testing idea on UI is hard because Guix itself is really conservative about the backward compatibility---for a good! :-) And we can imagine extensions as a way to test other flavours, either before introducing a new subcommand or either as a replacement of current subcommand. Cheers, simon