guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Guix role in a free society


From: Vivien Kraus
Subject: Guix role in a free society
Date: Mon, 18 Mar 2024 18:48:27 +0100
User-agent: Evolution 3.48.4

Hello,

Free software enables cooperation in a free society. More precisely, it
makes it easy for a user of a package to use a new version where the
personal information has been corrected. The thread in [1] questions
our handling of potential cases where a transgender contributor of Guix
or one of its packages requests to change their name. While it would be
nothing but cruel to deny such a request, I want to consider the
broader case of updating personal information in general.

If someone asks you to update your installation of a package to a new
tarball with updated personal information (or a new tag in a rewritten
history), then in a non-free society, you can only say, “Sorry, I’m not
allowed to”. In a free society, you’re allowed to, and you have tools
at your fingertips to make sure it’s harmless to you (diff with your
old version, if you are alone, or collectively check that it follows
semver, remember that it still has all the CVEs, and forget about the
old thing).

If accepting such a safe update makes a security system fire false
positives (such as, guix pull saying there’s a downgrade attack if
guix’ history has been safely rewritten), then it’s a limitation of the
security system. If it’s too much work to silence this warning for a
legitimate reason, then make an announcement about this particular
false positive and let the user proceed.

The guix users, I claim, would rather have a distribution of guix (and
the packages it provides) with accurate personal information, even if
it means to be annoyed for a moment with a security system.


Best regards, 

Vivien

[1] https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00138.html

P.S. I am desensitized to eye-rolling when I talk about free
software ;)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]