Re: NPM and trusted binaries

ee and actually corresponds to the given source? From a software freedom perspective, the source code _is_ the program. If that is unworkable, then so is the software itself. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: 2217 5B02 E626 BC98 D7C0 C2E5

Re: NPM and trusted binaries

s do we give it when packaging for, say, Debian? But we'd have to know that on a case-by-case basis. If we want a general solution to this problem, we wouldn't want to add a bunch of exceptions. If it's literally publishing the source code repository (which many are), then there is

Re: NPM and trusted binaries

;t care less? Even something as simple as the license: package.json has no legal force; it's _metadata_. I feel like this will have to be manually checked no matter how it is done; any automated process would just be a tool to aid in a transition and keeping a package up-to-date. I don'

[PATCH 0/2] gnu: Add libpcsclite

t; 'SCD SERIALNO openpgp' I tried running `./pre-inst-env guix lint libpcsclite`, but got an error about an unbound `make-session` variable; I'll post about that separately, but please forgive any issues that it might have caught. Mike Gerwitz (2): gnu: Add libpcsclite gn

[PATCH 1/2] gnu: Add libpcsclite

* gnu/packages/gnupg.scm (libpcsclite): New variable. --- gnu/packages/gnupg.scm | 32 1 file changed, 32 insertions(+) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 5fcc03a..c4920b0 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg

[PATCH 2/2] gnu: gnupg: libpcsclite propagated input

* gnu/packages/gnupg.scm (gnupg): Add libpcsclite as propagated-input --- gnu/packages/gnupg.scm | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index c4920b0..562b377 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/

Re: [PATCH 0/2] gnu: Add libpcsclite

a package for that too. Please let me know what solution you find, and if libccid does in fact solve that problem. My goal for these changes is to have smartcard stuff for popular readers work without any additional effort in Guix; I found I was writing an article with a lot of exceptions for getting GPG 2.1 working, and would rather just tell people to "use Guix". :) -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature

[PATCH 2/2] gnu: gnupg: patch scdaemon libpcsclite path

* gnu/packages/gnupg.scm (gnupg): Use absolute path of pcsc-lite for libpcsclite in `scd/scdaemon.c' --- gnu/packages/gnupg.scm | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index da48e26..52af7c0 100644 --- a/gnu/pack

[PATCH 1/2] gnu: Add pcsc-lite

/gnupg.scm @@ -9,6 +9,7 @@ ;;; Copyright © 2016 Christopher Allan Webber ;;; Copyright © 2016 Nils Gillmann ;;; Copyright © 2016 Christopher Baines +;;; Copyright © 2016 Mike Gerwitz ;;; ;;; This file is part of GNU Guix. ;;; @@ -30,8 +31,10 @@ #:use-module (gnu packages) #:use-module (gnu

Re: [PATCH 0/2] gnu: Add libpcsclite

r you come up with as soon as it's available. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature

Re: [PATCH 1/1] gnu: Add ccid.

but it's currently hardcoded to /var/lib/pcsc/drivers; could you update it to match ccid's and see if that works? Debian has the dependencies structured such that pcscd has ccid as an input. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930

Re: [PATCH 1/1] gnu: Add ccid.

hat sounds fine with me if there is a potential to be able to use other drivers; I'm not familiar enough with pcscd to know. Thanks for working on this! -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5

Re: [Patch 0/10] Add Ring

27;t know the timeline, though. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature

Re: bug#33844: Rename ghc-pandoc to pandoc

oc) but it is: a) some descriptions are badly written and > b) the 'relevance' scoring function is not enough "smart" to detect > them. Thank you for taking the time to explain this. -- Mike Gerwitz signature.asc Description: PGP signature

Re: The problem of packaging Minetest mods/games

ing so unless you really need to. I still think it ought to search ~/.minetest/games, though, for those things that may not be installed using guix. For example, minetest has a built-in means of downloading games/mods. While it's best to use a package manager, it also breaks functionality

Re: Packaging a free Firefox

rting security patches in Guix; Rubén Rodriguez (IceCat) maintainer has a lot on his plate and IceCat does not get a lot of attention. (If anyone wants to help with IceCat maintenance, he would like the help; contact us at maintain...@gnu.org.) -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature

Re: Packaging a free Firefox

On Fri, May 04, 2018 at 16:24:11 +0200, Pjotr Prins wrote: > On Thu, May 03, 2018 at 01:59:24PM -0400, Mike Gerwitz wrote: >> I use IceCat personally and FF Dev Edition at work. Until the recent >> move to WebExtensions, I used the same addons. I use NoScript and Tor >>

Re: Packaging a free Firefox

expresses interest with your suggestion, please have them contact maintain...@gnu.org. > Another option is to package Trisquel's Abrowser. Isn't Abrowser more up-to-date than IceCat is? It's maintained by the same person (Rubén), but I haven't used Trisquel on a desktop in

Re: Packaging a free Firefox

On Sun, May 06, 2018 at 06:01:59 +, Nils Gillmann wrote: > Mike Gerwitz transcribed 2.2K bytes: >> On Sat, May 05, 2018 at 19:06:27 -0300, Adonay Felipe Nogueira wrote: >> > I have noticed somepeople advocating for packaging Firefox in GNU Guix, >> > and since FF

Re: Packaging a free Firefox

On Sun, May 06, 2018 at 11:48:28 +0200, Hartmut Goebel wrote: > Am 06.05.2018 um 03:24 schrieb Mike Gerwitz: >> On Sat, May 05, 2018 at 19:06:27 -0300, Adonay Felipe Nogueira wrote: >>> I have noticed somepeople advocating for packaging Firefox in GNU Guix, >>> and

Re: Packaging a free Firefox

On Sun, May 06, 2018 at 18:33:56 +0200, Hartmut Goebel wrote: > Am 06.05.2018 um 16:05 schrieb Mike Gerwitz: >> In the case of their addon >> system, they encourage installation of non-free addons, which is against >> the Free Software Distribution Guidelines (FSDG), and is th

Re: Packaging a free Firefox

to be much more stable over the years. (I use IceCat at home and FF at work.) So when users compare IceCat to "Firefox", they're not likely performing a valid comparison, since they're going to use a modern version of Firefox. I think Rubén is working on an ESR upgrade, so mayb

Re: Packaging a free Firefox

d is an employee at the FSF. I proposed to both rms and John Sullivan at different points that maybe IceCat maintenance can be made part of Rubén's responsibilities at the FSF. The FSF recently announced a paid contact position for LibreJS, so maybe at some point IceCat can see some attention too. -

Re: gnumaint changes

t happened to catch my eye. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature

Re: gnumaint changes

On Wed, Jun 27, 2018 at 21:40:19 -0400, Mike Gerwitz wrote: > I'll have to look at what guix/gnu-maintenance.scm does, but: [...] > Rather than get rid of gnupackages.txt completely, I wrote a script last > week to generate it from rec/gnupackages.rec. The formats are largely >

Re: shortening the git test suite

vn is just a Perl script anyway.) > > Thoughts? I'm a git-svn user, and that sounds fine with me. I agree that's much better to provide a separate package with the SVN tests rather than simply disable SVN tests in a full-featured Git. -- Mike Gerwitz Free Software Hack

Re: gnumaint changes

On Wed, Jul 11, 2018 at 16:11:37 +0200, Ludovic Courtès wrote: > Hello Mike, > > Mike Gerwitz skribis: [...] >> pkgblurbs.txt has also been replaced by rec/pkgblurbs.rec. > > Commit daf76c7cd54df428abc28d490747c7f83a844df0 changes > gnu-maintenance.scm to use the .re

Re: gnumaint changes

On Thu, Jul 12, 2018 at 17:57:01 +0200, Ludovic Courtès wrote: > Hello, > > Mike Gerwitz skribis: [...] >> Do you have a couple examples of what you think would be beneficial to >> pull form Guix? I'm certainly open to the idea where it makes sense; >> there

Re: Firefox 52's end of life, packaging Chromium

on, we need it packaged for Guix, and that is quite the undertaking. Has anyone pursued packaging modern versions of vanilla FF in recent months? -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikeger

Re: Firefox 52's end of life, packaging Chromium

On Thu, Aug 30, 2018 at 09:07:39 +, Nils Gillmann wrote: > Mike Gerwitz transcribed 1.8K bytes: >> But as was stated in another thread, once we _do_ have an updated IceCat >> source distribution, we need it packaged for Guix, and that is quite the >> undertaking. Has any

Re: Firefox 52's end of life, packaging Chromium

here were recent efforts with vanilla Firefox, since those efforts would directly apply to IceCat. -- Mike Gerwitz signature.asc Description: PGP signature

Re: Firefox 52's end of life, packaging Chromium

On Sat, Sep 01, 2018 at 16:13:53 +0200, Ludovic Courtès wrote: > I have to say that Andreas, Mark, Marius, and others who worked on > IceCat and Chromium packaging are heroes: it’s a huge effort and we can > be grateful for that! I agree---I am very grateful for their work! -- Mik

Re: More stability needed in our Rust packages, for IceCat 60

in order to eventually build IceCat. This is wonderful news! I'm really excited to give this a try once Hydra is ready. Thank you! And thank you too, Danny, since your work made this possible. -- Mike Gerwitz signature.asc Description: PGP signature

Re: openssh vulnerability

ed in Guix and there are a couple packages that use it. [0]: You had me very worried from your subject line! -- Mike Gerwitz signature.asc Description: PGP signature

Re: NPM importer

rojects. I forget the name of the software they use to do that (and it may not be the same for both of them), and it's probably not perfect, but something like that may help with automation. [0]: https://blog.github.com/2015-03-09-open-source-license-usage-on-github-com/ (as of 2015)

Re: Missing fonts issue with GNU Icecat

that setting only XDG_DATA_DIRS works in a container to solve the font issue. Setting XDG_DATA_HOME works as well. I don't need to set GIO_EXTRA_MODULES in order to get it to work (I don't even have that directory on in my profile). -- Mike Gerwitz Free Software Hacker+Activist |

Re: Missing fonts issue with GNU Icecat

ntainers. It looks like on GuixSD XDG_DATA_DIRS is set in /etc/profile; I never had to set it manually. But the presence in /etc/profile implies to me that there are other packages that require this variable to be present. Should those packages also have wrapper scripts? -- Mike Gerwitz signature.asc Description: PGP signature

Re: Docker and singularity containers

s registered, though, their APIs can be used without having to use DockerHub's web interface. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature

Re: Packaging IceCat extensions with Guix

site uses the JS-only "challenge", which does actually require JS. I use archive.org or some other cache to view the site in that case. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02

Re: Encrypted root partition

Of course, so does traditional swap. :) I'm not familiar enough with Guix (yet!) to know how to set it up, but I also haven't done any research. Arch has a good summary: https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption -- Mike Gerwitz Free Software Hacker+Activist | GN

Re: jquery 3.1.1

rminal, > I saw a package called > > "broccoli-funnel" Ah, they missed a really good logo opportunity! -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature

Re: jquery 3.1.1

rivial (non-copyrightable) packages constitutes a copyrightable work, and if so, at what point. Because you'd otherwise imagine that any program could be factored such that it is a sum of a large number of trivial components. I digress... -- Mike Gerwitz Free Software Hacker+Activist | GNU Ma

Re: jquery 3.1.1

npmjs.com/cli/install What's a specific package you're having trouble with? -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mike

Re: Leaving the guix project

th. In some laptops, you can simply remove and replace the built-in wireless card. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikeger

Re: Leaving the guix project

ake sacrifices for freedom. Hopefully one day this won't be necessary. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature

Re: Changing guix download page from using HTTP to HTTPS

On Sun, Mar 05, 2017 at 16:32:16 +, ng0 wrote: > As it is, it is inaccessible for tor users. This would fix it. The FTP server you mean? rms has asked the FSF sysadmins to fix this as of a day or two ago, so hopefully that'll work soon. -- Mike Gerwitz Free Software Hacker+Activi

Re: Guix libification.

of Guix in not great either. So I'm wondering if some parts of Guix, > useful to other guile projects could be integrated to a lib, guile-lib > for instance ? 1+ I use (guix records) for a few projects. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG:

Re: npm (mitigation)

(implying Expat), even if there's actually no license information in the repository. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature

Re: npm (mitigation)

:) > You might remember my post of a few months back about an attempt of mine to > crawl thhe npm registry and storing data found there. I do---I'm sorry if there are details that I missed or should know; I haven't been able to follow this too closely. I can be a bit of a parrot so

On packaging old versions of libraries

hich would add some cruft? At the least, I would have to compile CEGUI 0.7, but that might need older versions of libraries itself to compile. [0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812096 -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B

Re: On packaging old versions of libraries

t want my efforts to be useful to someone else as well. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature

Re: [PATCH 1/1] gnu: Add ccid.

Hey, Marius: I'm resurrecting this thread. :) On Mon, Oct 31, 2016 at 10:09:14 +, Marius Bakke wrote: > Mike Gerwitz writes: >> On Fri, Oct 28, 2016 at 12:27:29 +0100, Marius Bakke wrote: >>> Packages are not allowed to write to /var, so to run pcscd on Guix you &

Re: [PATCH 1/1] gnu: Add ccid.

and "gnu/services". Thanks for the advice. I'll give this a shot over the next couple of months (hopefully sooner, but we know how that goes) as I try to get myself situated. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F4

Re: Meltdown / Spectre

hat needs resolution, but I'm not offering that here---I just wanted to comment on the phrasing. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature

Re: Meltdown / Spectre

e argument that a freedom-respecting user will use a microcode update tool for anything other than proprietary software. In that case, does the inclusion of the microcode updater in Guix encourage the use of non-free microcode, even if it doesn't state where to get it? -- Mike Gerwitz Free So

Re: Maintainer (no longer) needed for Linux-libre and IceCat packages

packages, I will resume my previous role, doing what I can to keep our > Linux-libre and IceCat packages up-to-date, as soon as my commit rights > on Savannah are restored. This is wonderful news! -- Mike Gerwitz signature.asc Description: PGP signature

Re: bug#33844: Rename ghc-pandoc to pandoc

e past and didn't find what I was looking for, and so fell back to a Debian system. It turns out what I wanted was ghc-pandoc after all. But if I would have put a little bit more effort into looking, perhaps I would have figured that out; I was in a hurry. Thanks for making this change!

Re: Unpatched security flaws in GNU IceCat 38

if I missed it; gnu.org/s/icecat doesn't mention anything. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer https://mikegerwitz.com | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature

Re: ‘core-updates’ merge is a squashed commit

ger/etc to get the passphrase. Smart cards help here. I also recommend against auto-signing commmits on rebase unless you first verify that each commit within that range has a valid signature beforehand. Not fool-proof, but nothing is. :) -- Mike Gerwitz Free Software Hacker+Activist | GNU