Wow! With this I suppose we could implement something like
http://mumble.net/~jar/pubs/secureos/secureos.html
?
Andy Wingo writes:
> Hi!
Hi!
> potluck.guixsd.org needs to be isolated from other hosts because it will
> load potluck.scm files from untrusted sources; we hope the sandbox works
> but we need a bit of defense-in-depth.
Well now I see the motivation behind (ice-9 sandbox) ... :)
> As I mention
Christopher Allan Webber transcribed 1.8K bytes:
> Andy Wingo writes:
>
> > Hi!
>
> Hi!
>
> > potluck.guixsd.org needs to be isolated from other hosts because it will
> > load potluck.scm files from untrusted sources; we hope the sandbox works
> > but we need a bit of defense-in-depth.
>
> Well
Hello!
Andy Wingo skribis:
> As an interlude, here is how a user would enter an environment that has
> a potluck package "foo" using Guix (using a pack is also possible). We
> start with setup steps:
>
> (1) Install Guix as a user. (This needs to be easier.)
> (2) guix channel add potluck
l...@gnu.org (Ludovic Courtès) writes:
> Beside, related to Chris’ comment, I’m a bit concerned about versioning
> in such a widely distributed repo. The package graph in Guix has zero
> degrees of liberty: every package is connected to other packages; every
> Guix user sees the exact same graph.
