GNU bug report logs - #50960
[PATCH 00/10] Add 'guix shell' to subsume 'guix environment'

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sat, 2 Oct 2021 10:22:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 50960 <at> debbugs.gnu.org, "Thompson, David" <dthompson2 <at> worcester.edu>
Subject: [bug#50960] [PATCH 00/10] Add 'guix shell' to subsume 'guix environment'
Date: Thu, 7 Oct 2021 12:52:36 +0200

I’m not a direnv user and frankly don’t really understand the gain
from loading by default the guix.scm file nor manifest.scm.

My fear is accidentally running code, possibly malicious, possibly
just a backup script one happened to call guix.scm.  In German we have
the word DAU for “dumbest assumable user”.  Guix without shell is
DAU-prove.

Both

- Konrad Hinsen’s suggestion of two different commands and

- Nicolò Balzarotti’s suggestion of having to explicitly allow a file

would take away my paranoia of accidentally running code.  (By just
not using Konrad Hinsen’s other command.)

- Hidden .-rc files in the current directory would not take away my
  paranoia of malicious code.

- I think printing a suggestion to use --file=../guix.scm is fine.

Bash is different from Guix Shell.  It does not load code from . or
arbitrary parent directories.

Regards,
Florian
This bug report was last modified 3 years and 262 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.