Hello,

Danny Milosavljevic <dan...@scratchpost.org> wrote:

> I think it would be good to have guix check for closed-source binaries after
> unpacking, automatically (including jar files with class files in them).

Oh right, jars are certainly quite common, more than .so files.

>> > No idea if it's worth the trouble/performance hit/false-positive rate,
>> > of course. That's for the ner^Wgods to decide.
>>
>> Yeah I wonder if it would be fruitful.
>
> Marking known-good binaries (whitelisting) is still better than hoping
> we notice some closed-source binary (blacklisting).
>
> It would be a conspicuous reminder of what we still have to do - as
> opposed to the situation now where it's mostly in someone's head
> (if at all).

Yeah, that makes sense.

What about adding such a phase in %standard-phases in core-updates-next?
I guess it could check for files that match ‘elf-file?’ or ‘ar-file?’
and for *.jar. WDYT?

We must add a keyword parameter in ‘gnu-build-system’ to make it easy
to disable it and/or to skip specific files.

Any takers?

Thanks,
Ludo’.
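
The check proposed in this message, sketched as an added example in Python (it is not Guix code and not part of the original message): it flags files by ELF and ar magic bytes, plus jars that contain class files, and takes an allowlist to skip specific files. The function names, the `allowed` parameter and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
import zipfile

ELF_MAGIC = b"\x7fELF"      # start of every ELF object, executable or .so
AR_MAGIC = b"!<arch>\n"     # start of every ar archive (static .a library)

def classify(path):
    """Return 'elf', 'ar', 'jar' or None for one regular file."""
    with open(path, "rb") as f:
        head = f.read(8)
    if head.startswith(ELF_MAGIC):
        return "elf"
    if head == AR_MAGIC:
        return "ar"
    if path.endswith(".jar") and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as z:  # only jars carrying bytecode count
            if any(n.endswith(".class") for n in z.namelist()):
                return "jar"
    return None

def find_prebuilt(root, allowed=()):
    """Return sorted (relative path, kind) pairs under root, minus the allowlist."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if rel in allowed or os.path.islink(full):
                continue  # explicitly marked known-good, or a symlink
            if (kind := classify(full)):
                hits.append((rel, kind))
    return sorted(hits)

def build_sample_tree(root):  # constructed sample data, not a real package
    os.makedirs(os.path.join(root, "lib"))
    for rel, data in (("main.c", b"int main(void) { return 0; }\n"),
                      ("lib/libfoo.so", ELF_MAGIC + b"\x02\x01\x01" + b"\0" * 9),
                      ("lib/libbar.a", AR_MAGIC + b"constructed member\n")):
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    for rel, member in (("lib/dep.jar", "org/x/A.class"), ("lib/data.jar", "README.txt")):
        with zipfile.ZipFile(os.path.join(root, rel), "w") as z:
            z.writestr(member, b"constructed")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_prebuilt(tmp, allowed={"lib/libbar.a"}))
```

The jar that holds only a text file is not reported, which keeps resource-only archives out of the false-positive count.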