From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 02 14:02:11 2020
To: bug-guix@gnu.org
From: bo0od
Subject: Geeks think securely: VM per Package
 (trustless state to devs and their apps)
Date: Fri, 2 Oct 2020 18:01:18 +0000

Hi There,

If we look at current state of packages running inside GNU distros
they are in very insecure shape which is either they are installed
without sandboxing because the distro doesn't even provide that or no
profiles exist for the sandboxing feature and has issues e.g:

- Sandboxing can be made through MAC (apparmor, selinux) or Using
Namespaces (firejail, bubblewrap) But the problem with using these
features it needs a defined/preconfigured profile for each package in
order to use them thus making almost impossible case to be applied on
every package in real bases. (unless a policy which saying no package
is allowed without coming with its own MAC profile, but that's as well
has another issue when using third party packages...)

- Containers are like OS, and to use it within another OS is like OS
in OS I find it crazy and not just that the way that the package gets
upgraded is not reliable to be secure so this won't solve our issue as
well.

To solve this mess, is to use virtualization method and to make that
happen is to put each package in a VM by itself means the package
gonna use the system resources without being able maliciously gain
anything. This provide less trust to developers and their code running
within the system.

one of the greatest design made in our time towards security is
GNU/Linux Qubes OS, it uses OS per VM and has VM to VM
communication...etc I highly recommend reading their design to take
some ideas from it:

https://www.qubes-os.org/doc/

Useful refer:

https://wiki.debian.org/UntrustedDebs
https://blog.invisiblethings.org/papers/2015/state_harmful.pdf

ThX!

From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 02 15:43:35 2020
From: Ricardo Wurmus
To: bo0od
Subject: Re: bug#43770: Geeks think securely: VM per Package (trustless state to devs and their apps)
Date: Fri, 02 Oct 2020 21:44:58 +0200
Cc: 43770@debbugs.gnu.org

Hi,

this does not look like an actionable bug report. What is it exactly
that ought to be done in your opinion?

--
Ricardo

From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 02 15:45:07 2020
Date: Fri, 2 Oct 2020 21:45:14 +0200
From: raingloom
To: bug-guix@gnu.org
Subject: Re: bug#43770: Geeks think securely: VM per Package (trustless state to devs and their apps)

On Fri, 2 Oct 2020 18:01:18 +0000
bo0od wrote:

> Hi There,
>
> If we look at current state of packages running inside GNU distros
> they are in very insecure shape which is either they are installed
> without sandboxing because the distro doesn't even provide that or no
> profiles exist for the sandboxing feature and has issues e.g:
>
> - Sandboxing can be made through MAC (apparmor, selinux) or Using
> Namespaces (firejail, bubblewrap) But the problem with using these
> features it needs a defined/preconfigured profile for each package in
> order to use them thus making almost impossible case to be applied on
> every package in real bases.
> (unless a policy which saying no package
> is allowed without coming with its own MAC profile, but that's as well
> has another issue when using third party packages...)
>
> - Containers are like OS, and to use it within another OS is like OS
> in OS I find it crazy and not just that the way that the package gets
> upgraded is not reliable to be secure so this won't solve our issue as
> well.
>
> To solve this mess, is to use virtualization method and to make that
> happen is to put each package in a VM by itself means the package
> gonna use the system resources without being able maliciously gain
> anything. This provide less trust to developers and their code running
> within the system.
>
> one of the greatest design made in our time towards security is
> GNU/Linux Qubes OS, it uses OS per VM and has VM to VM
> communication...etc I highly recommend reading their design to take
> some ideas from it:
>
> https://www.qubes-os.org/doc/

There is an even more relevant project being developed in NixOS, but I
can't remember its name off the top of my head.

My 2 cents is that I'd rather have the option to use packages that are
closer to Alpine than having to pay the performance penalty of Qubes.
Fewer lines of code => fewer bugs => fewer security holes.

> Useful refer:
>
> https://wiki.debian.org/UntrustedDebs
> https://blog.invisiblethings.org/papers/2015/state_harmful.pdf
>
> ThX!

From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 02 18:18:48 2020
Subject: Re: bug#43770: Geeks think securely: VM per Package (trustless state to devs and their apps)
To: Ricardo Wurmus
From: bo0od
Date: Fri, 2 Oct 2020 22:18:24 +0000
Cc: 43770@debbugs.gnu.org

Hey,

Actually what I wanted to say but seems I missed it, This security
design can be engineered and implemented when Guixsd released based on
GNU-Hurd Kernel. Because it's going to be totally new kernel and having
this feature is without question the best security feature for the
future of security within operating systems.

Otherwise we gonna fall into the same cycle of trust to outside
package developers and their codes without preventive mechanism
against if it's malicious one.

If you mean the bug report is not the place for this request, then I
don't know where because I already discussed it in the IRC channel. (if
there is somewhere else I can report this just tell me)

ThX!

Ricardo Wurmus:
>
> Hi,
>
> this does not look like an actionable bug report. What is it exactly
> that ought to be done in your opinion?

From debbugs-submit-bounces@debbugs.gnu.org Mon Oct 05 10:01:11 2020
From: Ludovic Courtès
To: bo0od
Subject: Re: bug#43770: Geeks think securely: VM per Package (trustless state to devs and their apps)
Date: Mon, 05 Oct 2020 16:00:55 +0200
Cc: Ricardo Wurmus, 43770-done@debbugs.gnu.org

Hi,

bo0od wrote:

> Actually what I wanted to say but seems I missed it, This security
> design can be engineered and implemented when Guixsd released based on
> GNU-Hurd Kernel. Because it's going to be totally new kernel and having
> this feature is without question the best security feature for the
> future of security within operating systems.
>
> Otherwise we gonna fall into the same cycle of trust to outside
> package developers and their codes without preventive mechanism
> against if it's malicious one.
>
> If you mean the bug report is not the place for this request, then I
> don't know where because I already discussed it in the IRC channel. (if
> there is somewhere else I can report this just tell me)

It’s great to share your views of what you think should be done from a
security standpoint. There’s little more we contributors can say other
than: yes, we agree, we’re working in this direction, and it’s going to
be a long journey.

What could help though is if people like you come and join us on that
journey. I very much encourage you to play with Guix System and in
particular with the “childhurd” service that has recently landed and
should be of interest to you.

For now I’m closing the bug because as Ricardo wrote, it’s not a bug
report per se.

Thank you,
Ludo’.

From unknown Mon Aug 18 11:22:22 2025
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 03 Nov 2020 12:24:07 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator