Re: NPM and trusted binaries

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NPM and trusted binaries

From:	Mike Gerwitz
Subject:	Re: NPM and trusted binaries
Date:	Wed, 07 Sep 2016 22:45:46 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.0.92 (gnu/linux)

On Tue, Sep 06, 2016 at 18:50:48 +0200, Pjotr Prins wrote:
> On Tue, Sep 06, 2016 at 11:48:04AM -0400, Thompson, David wrote:
>> This violates a core principle of Guix: reproducible builds.  I don't
>> support patches that encourage using pre-built binaries.
>
> In principle I agree. We want to be able to read the code.
>
> Still, I think Guix would benefit from a somewhat more relaxed stance
> in this.

If a user is able to build from source, shouldn't Guix be able to?  And
if neither can, how can we guarantee that the provided binary is even
free and actually corresponds to the given source?

From a software freedom perspective, the source code _is_ the
program.  If that is unworkable, then so is the software itself.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: 2217 5B02 E626 BC98 D7C0  C2E5 F22B B815 8EE3 0EAB
https://mikegerwitz.com

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: GSoC NPM, (continued)
- Re: GSoC NPM, Thompson, David, 2016/09/02
  - Re: GSoC NPM, Jan Nieuwenhuizen, 2016/09/02
- Re: GSoC NPM, Jelle Licht, 2016/09/02
  - Re: GSoC NPM, Jan Nieuwenhuizen, 2016/09/04
    - Re: GSoC NPM, Thompson, David, 2016/09/06
    - NPM and trusted binaries, Pjotr Prins, 2016/09/06
    - Re: NPM and trusted binaries, Ludovic Courtès, 2016/09/07
    - Re: NPM and trusted binaries, Jan Nieuwenhuizen, 2016/09/07
    - Re: NPM and trusted binaries, Pjotr Prins, 2016/09/08
    - Re: NPM and trusted binaries, Jelle Licht, 2016/09/08
    - Re: NPM and trusted binaries, Mike Gerwitz <=
    - Re: NPM and trusted binaries, Jan Nieuwenhuizen, 2016/09/08
    - Re: NPM and trusted binaries, Mike Gerwitz, 2016/09/08
    - Re: NPM and trusted binaries, Jan Nieuwenhuizen, 2016/09/08
    - Re: NPM and trusted binaries, Mike Gerwitz, 2016/09/08
    - Re: NPM and trusted binaries, Ludovic Courtès, 2016/09/09
    - Re: NPM and trusted binaries, Pjotr Prins, 2016/09/09
- Re: GSoC NPM, Christopher Allan Webber, 2016/09/06
- Re: GSoC NPM, Catonano, 2016/09/06

Prev by Date: [PATCH 3/3] gnu: Add utox.
Next by Date: Re: [PATCH 1/1] gnu: curl: Update replacement to 7.50.2 [fixes CVE-2016-7141].
Previous by thread: Re: NPM and trusted binaries
Next by thread: Re: NPM and trusted binaries
Index(es):
- Date
- Thread