GNU bug report logs - #73166
'shell-authorized-directories' located in the wrong place?

Previous Next

Full log

Message #46 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Suhail Singh <suhailsingh247 <at> gmail.com>
To: Nicolas Graves <ngraves <at> ngraves.fr>
Cc: Saku Laesvuori via Bug reports for GNU Guix <bug-guix <at> gnu.org>,
 Ludovic Courtès <ludo <at> gnu.org>, 73166 <at> debbugs.gnu.org,
 Suhail Singh <suhailsingh247 <at> gmail.com>, Andrew Tropin <andrew <at> trop.in>,
 Saku Laesvuori <saku <at> laesvuori.fi>
Subject: Re: bug#73166: shell-autorized-directories
Date: Tue, 12 Nov 2024 09:50:50 -0500

Nicolas Graves <ngraves <at> ngraves.fr> writes:

> My last message to Saku basically agreed to this ;)

Yes, my bad for only noticing that message after having sent mine.
Whoops.

> I'm actually willing to improve that patch series if you have better
> ideas/implementations, I was just building on what I know
> (direnv/.dir-locals.el).

As a direnv and .dir-locals.el user myself, I think there's some utility
in doing things similarly, at least till we come up with a threat model
on which we have some consensus and which motivates us to deviate from
the norm.

> Maybe we should only allow to automatically run when the manifest is
> able to build without network access in container mode.

I was under the impression that the build phase in guix is always
containerized and without network access.  Could you please elaborate on
this?

> Or include things like automatic git commit authentication on such
> allowed repositories.  But I'm not sure if they are convenient or easy
> to implement, or make sense.

While valuable, I believe if we do provide this, it should only be done
in a manner that the user is able to disable if/as needed.

-- 
Suhail

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.