On Wed, May 25, 2016 at 10:23:20AM +0200, Alex Sassmannshausen wrote: > Christopher Baines writes: > > The first, is that the hash is required, which I only had to compute > > once, but if I wanted to change the package, I would have to update > > this, which is prohibitive to local development. As an improvement to > > this, could the hash be optional, and if it does not exist, be > > calculated when the build is performed? > > From my perspective, I think silently calculating a hash on the fly if > it is not provided would be problematic: it might lead to laziness in > completing the hash, which would undermine the security model of Guix > (if I understand correctly). > > But maybe an explicit flag setting the declaration to "dev-mode", might > be useful?
Perhaps I'm too paranoid, but I'd rather not see this implemented in Guix. It would create the necessary elements for a "downgrade attack" [0], where an attacker exploits some bug to enable the "dev-mode" when the user doesn't intend it. Why not write an external script that will recalculate the hash and rewrite the package definition for you?
