[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security of packages in official repo
From: |
zimoun |
Subject: |
Re: Security of packages in official repo |
Date: |
Thu, 26 Nov 2020 20:50:28 +0100 |
Hi,
On Thu, 26 Nov 2020 at 19:07, Phil <phil@beadling.co.uk> wrote:
> The important point is that the patch is vetted by the members of
> guix-patches@gnu.org mail list. And I assume packages which appear
> inappropriate for whatever reason are not accepted by members of this
> list?
Anyone can subscribe to guix-patches and discuss the patches. Give a
look at:
<http://issues.guix.gnu.org/>
However, a set of restricted people have commit access and so push code
which is compliant with the GNU standards.
> As a workaround it would seem perfectly possible to host a private Guix
> channel with a subset of packages on that have been internally vetted,
> but it would be more in the spirit of Guix to contribute and use the
> official package repo.
Yes, custom Channels [1] is the way to deliver variants. Well, it is up
to the channel maintainer to set the rules of the very channel; for
instance, provide or not non-free software. Therefore, the Wild West
could happen to some custom Channels.
1: <https://guix.gnu.org/manual/devel/en/guix.html#Channels>
All the best,
simon