guix-devel

Re: Dissecting Guix -- blog post series


From: Bengt Richter
Subject: Re: Dissecting Guix -- blog post series
Date: Mon, 12 Dec 2022 14:46:57 +0100
User-agent: Mutt/1.10.1 (2018-07-13)

Hi,

On +2022-12-09 17:25:35 +0000, ( wrote:
> Heya,
> 
> On Fri Dec 9, 2022 at 9:32 AM GMT,  wrote:
> > How does a gullible noob like me know what the dangers might be, (e.g. http:)
> > and how to avoid (most of) them by finding a guix version that has been
> > gone through with a fine-tooth comb by trusted guix devs and has been
> > re-hosted at gitlab or gnu.org, etc ... for added security?
> 
> Sorry, I don't really understand; how is this relevant to derivations? :)
> 
>     -- (

Maybe I mis-imagine your assumptions about your audience.

For myself, I would like an Emacs M-x idiot-mode
so I could run a boot-bricker-test.sh script someone
has posted, without worrying that in plain CLI context,
it will /actually/ brick my machine :)

I am assuming if your low-level examples are really good,
they will be used as bases for cut/paste variants that people
will then post and implicitly prompt each other to try.

I don't trust that everything thus posted
will be both benevolent and competently avoiding security vulns.

I can't even trust my own stuff. I make too many mistakes :)

So, narrowly focusing on derivations, maybe trust is not technically
relevant, but in the larger social context gullible noobs like me
need all the help we can get about recognizing potentially dangerous
code.

And I think derivations can potentially contain or generate or activate
code one should not trust.

So that's how I see asking for trust info being relevant to derivations :)
--
Regards,
Bengt Richter



