GNU bug report logs - #66279
Unexporting <user-account>

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sat, 30 Sep 2023 10:12:01 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 66279 in the body.
You can then email your comments to 66279 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to maxim.cournoyer <at> gmail.com, bug-guix <at> gnu.org:
bug#66279; Package guix. (Sat, 30 Sep 2023 10:12:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ludovic Courtès <ludo <at> gnu.org>:
New bug report received and forwarded. Copy sent to maxim.cournoyer <at> gmail.com, bug-guix <at> gnu.org. (Sat, 30 Sep 2023 10:12:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: bug-guix <at> gnu.org
Subject: Unexporting <user-account>
Date: Sat, 30 Sep 2023 12:10:51 +0200

Hi Maxim,

Commit 03795e2ba27424fc98957da00f6c71325e7ae425 exports the
<user-account> record type descriptor (RTD).

Common practice is to keep RTDs private because by publishing them, we
make it harder to change the ABI (because users might be matching fields
positionally) and we make it trivial for users to forge records of that
type, bypassing any checks we may have in the official constructor (such
as “sanitizers”).

What do you think of reverting this commit?  I don’t see references to
<user-account> outside of its module.

(I’m aware there are a few other places where RTDs are exported; I think
we should eventually fix them as well.)

Ludo’.

Information forwarded to bug-guix <at> gnu.org:
bug#66279; Package guix. (Sun, 01 Oct 2023 20:29:01 GMT) Full text and rfc822 format available.

Message #8 received at 66279 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 66279 <at> debbugs.gnu.org
Subject: Re: bug#66279: Unexporting <user-account>
Date: Sun, 01 Oct 2023 16:28:31 -0400

Hi Ludovic,

Ludovic Courtès <ludo <at> gnu.org> writes:

> Hi Maxim,
>
> Commit 03795e2ba27424fc98957da00f6c71325e7ae425 exports the
> <user-account> record type descriptor (RTD).
>
> Common practice is to keep RTDs private because by publishing them, we
> make it harder to change the ABI (because users might be matching fields
> positionally) and we make it trivial for users to forge records of that
> type, bypassing any checks we may have in the official constructor (such
> as “sanitizers”).

Perhaps we should document this?  More power to the users!

> What do you think of reverting this commit?  I don’t see references to
> <user-account> outside of its module.

I'd like to note there are also valid usages requiring a record type,
such as 'match-record' from (guix records).  Otherwise, I don't feel
strongly about it, but if if's done I think the rationale you gave above
should be documented in our contributing guidelines.

-- 
Thanks,
Maxim

Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Thu, 05 Oct 2023 21:30:02 GMT) Full text and rfc822 format available.

Notification sent to Ludovic Courtès <ludo <at> gnu.org>:
bug acknowledged by developer. (Thu, 05 Oct 2023 21:30:02 GMT) Full text and rfc822 format available.

Message #13 received at 66279-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 66279-done <at> debbugs.gnu.org
Subject: Re: bug#66279: Unexporting <user-account>
Date: Thu, 05 Oct 2023 23:28:49 +0200

Hi,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> Hi Maxim,
>>
>> Commit 03795e2ba27424fc98957da00f6c71325e7ae425 exports the
>> <user-account> record type descriptor (RTD).
>>
>> Common practice is to keep RTDs private because by publishing them, we
>> make it harder to change the ABI (because users might be matching fields
>> positionally) and we make it trivial for users to forge records of that
>> type, bypassing any checks we may have in the official constructor (such
>> as “sanitizers”).
>
> Perhaps we should document this?  More power to the users!

Done in commit 7b710836a1c7cb921f54ead64f465bcc5333d076, based on what I
wrote above.

>> What do you think of reverting this commit?  I don’t see references to
>> <user-account> outside of its module.
>
> I'd like to note there are also valid usages requiring a record type,
> such as 'match-record' from (guix records).  Otherwise, I don't feel
> strongly about it, but if if's done I think the rationale you gave above
> should be documented in our contributing guidelines.

Alright, done as well in commit
97927608cb4f9c5d721115f1cb638de17ac38e62.

Thanks,
Ludo’.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 03 Nov 2023 11:24:17 GMT) Full text and rfc822 format available.

This bug report was last modified 1 year and 289 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #66279 Unexporting <user-account>

GNU bug report logs - #66279
Unexporting <user-account>