[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
security concerns of using guix packages
From: |
Cook, Malcolm |
Subject: |
security concerns of using guix packages |
Date: |
Fri, 3 Jul 2015 00:38:49 +0000 |
Hello Guixen (Guixers? Guix-noscenti?)
The sys admin at my institute expresses concern that we would potentially
expose ourselves to additional security risk by building scientific software
stack in Guix where we might depend on alternate versions of, say, openssl.
Do you agree this is a reasonable concern, and, if so, is there a "position
statement" on the matter?
I'm guessing this is in part a matter of trust - i.e. do we trust GNU/guix gang
as much as, say the Red Hat/CentOS gang. Or am I perhaps misunderstanding the
consideration?
I'd be interested in hearing any position on the matter.
Thanks for your consideration,
Malcolm Cook
Computational Biology
Stowers Institute for Medical Research
- security concerns of using guix packages,
Cook, Malcolm <=