Re: server and client in one package -> security issue (was: Add murmur)

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: server and client in one package -> security issue (was: Add murmur)

From:	David Craven
Subject:	Re: server and client in one package -> security issue (was: Add murmur)
Date:	Sun, 12 Feb 2017 13:53:57 +0100

> And from my point of view Guix already has a medium problem of acceptance
> since it munges development-files and run-time files into one package - as we
> do for all libraries.

By development files I assume you mean header files? I don't see how those can
pose a security problem. Can you elaborate?

> Now if Guix starts munging server and client components into one
> package, this plain disqualifies GuixSD from any security sensitive
> system. [*]

> [*] OTOH it opens up chances for big business: selling "Secure GuixSD"
> to customers.

I think that we provide security on a best effort basis. A high profile target
like a bank or credit card payment service will likely have their own security
team and will use guixsd as a basis for their deployment. We can not do the
work that is the responsibility of an in house sysops team.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Add murmur., (continued)

Prev by Date: Re: server and client in one package -> security issue (was: Add murmur)
Next by Date: Re: `guix pull` over HTTPS
Previous by thread: Re: server and client in one package -> security issue (was: Add murmur)
Next by thread: Re: server and client in one package -> security issue
Index(es):
- Date
- Thread