security concerns of using guix packages

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

security concerns of using guix packages

From:	Cook, Malcolm
Subject:	security concerns of using guix packages
Date:	Fri, 3 Jul 2015 00:38:49 +0000

Hello Guixen (Guixers?  Guix-noscenti?)

The sys admin at my institute expresses concern that we would potentially 
expose ourselves to additional security risk by building scientific software 
stack in Guix where we might depend on alternate versions of, say, openssl.

Do you agree this is a reasonable concern, and, if so, is there a "position 
statement" on the matter?  

I'm guessing this is in part a matter of trust - i.e. do we trust GNU/guix gang 
as much as, say the Red Hat/CentOS gang.  Or am I perhaps misunderstanding the 
consideration?

I'd be interested in hearing any position on the matter.

Thanks for your consideration,

Malcolm Cook
Computational Biology
Stowers Institute for Medical Research

[Prev in Thread]

Current Thread

[Next in Thread]

security concerns of using guix packages, Cook, Malcolm <=
- Re: security concerns of using guix packages, John Darrington, 2015/07/03
  - Re: security concerns of using guix packages, 韋嘉誠, 2015/07/03
    - Re: security concerns of using guix packages, Ludovic Courtès, 2015/07/04
- Re: security concerns of using guix packages, Pjotr Prins, 2015/07/04
- Re: security concerns of using guix packages, Ludovic Courtès, 2015/07/04
  - Re: security concerns of using guix packages, Pjotr Prins, 2015/07/04
  - Re: security concerns of using guix packages, 韋嘉誠, 2015/07/04
    - Re: security concerns of using guix packages, John Darrington, 2015/07/04

Prev by Date: Re: [PATCH] gnu: icecat: Display IPA.
Next by Date: Re: security concerns of using guix packages
Previous by thread: [PATCH] gnu: icecat: Display IPA.
Next by thread: Re: security concerns of using guix packages
Index(es):
- Date
- Thread