[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A registry for distributed sources and binaries

From: Tomáš Čech
Subject: Re: A registry for distributed sources and binaries
Date: Mon, 25 Jul 2016 09:18:49 +0200
User-agent: Mutt/1.6.1-neo (2016-06-11)

On Sun, Jul 24, 2016 at 10:35:43PM +0200, Ricardo Wurmus wrote:
What do you think about that?  Does this align with your vision?

What do others think?  Is this something that would benefit the Guix
project and its audience?

I like the idea a lot.

I'm only concerned with security of such thing. When the number of
other package sources will grow, it should be ensured that some
package definition will not touch core/library without user
consent. If they will take packages from random sources (as they are
careful when downloading applications for windows from various sources
or reading licenses), it may easily become security threat to whole

I'd be glad if we can stop using GUIX_PACKAGE_PATH environment
variable (which is a bit clumsy) and have support for multiple source,
with priorities (for cases of collisions) and maybe in future support
for some digital signatures.



Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]