Hi Ludo, > Of course, using a general-purpose language upfront also comes at a > price, as you note. But I think that what it has to offer to users > outweighs the costs, and that’s a lesson learned from Emacs. Just to > say I’m not willing to replace ‘config.scm’ with ‘config.yaml’, if > that’s what you had in mind. :-)
YAML is for kids. Real managers won't settle for less than full XML. ;-) Seriously, as a power user, I am perfectly happy with Guile for everything. I certainly don't want less. And for now, it's safe to assume that most Guix users are power users. The question is if we want Guix to remain exclusively a power tool for power users. If not, we need to make sure that it won't become a malware platform, by making it safe to use for people who don't read Guile code. In particular, common use cases should not require users do download unrestricted Guile code from untrusted sources. Emacs is an interesting comparison in many ways, but also a much less interesting target for malware than Guix. An attack on Guix can undermine all the guarantees it provides through reproducible builds. Maybe Ken Thompson should do an update of his famous "Trusing trust" that extends the discussion of compilers to build tools in general. One direction could be to add a sandboxing feature to Guile, which would be nice-to-have for other uses as well if Guile is to become a general-purpose systems scripting language. There are some interesting ideas in shill (http://shill.seas.harvard.edu/) for this scenario. Cheers, Konrad.
