Hi, On +2022-12-09 17:25:35 +0000, ( wrote: > Heya, > > On Fri Dec 9, 2022 at 9:32 AM GMT, wrote: > > How does a gullible noob like me know what the dangers might be, (e.g. > > http:) > > and how to avoid (most of) them by finding a guix version that has been > > gone through with a fine-tooth comb by trusted guix devs and has been > > re-hosted at gitlab or gnu.org, etc ... for added security? > > Sorry, I don't really understand; how is this relevant to derivations? :) > > -- (
Maybe I mis-imagine your assumptions about your audience. For myself, I would like an emacs M-x idiot-mode so I could run a boot-bricker-test.sh script someone has posted, without worrying that in plain cli context, it will /actually/ brick my machine :) I am assuming if your lowlevel examples are really good, they will be used as bases for cut/paste variants that people will then post and implicitly prompt each other to try.. I don't trust that everything thus posted will be both benevolent and competently avoiding security vulns. I can't even trust my own stuff. I make too many mistakes :) So, narrowly focusing on derivations, maybe trust is not technically relevant, but in the larger social context gullible noobs like me need all the help we can get about recognizing potentially dangerous code. And I think derivations can potentially contain or generate or activate code one should not trust. So that's how I see asking for trust info being relevant to derivations :) -- Regards, Bengt Richter