Saku Laesvuori via Bug reports for GNU Guix <bug-guix@gnu.org> writes:
> Anyway, I am not opposed to this change. The only effects for my use
> cases are positive (nicer UI with the --allow flag). I just want to
> point out that I don't think this makes any attacks significantly
> harder.

FWIW, this summarizes my belief as well. I do see some improvements in convenience, but the threat model where this improves security (threat actor has access to the repository, but the files are such that the threat actor isn't able to modify their semantics without first modifying the files) seems contrived. Am I mistaken? If not, while I don't have objections to the change (and do believe it has some value), I do have reservations about claiming security benefits.

--
Suhail