[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: store reference detection (was Re: JARs and reference scanning)
|
From: |
Mark H Weaver |
|
Subject: |
Re: store reference detection (was Re: JARs and reference scanning) |
|
Date: |
Fri, 12 May 2017 02:18:53 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Hartmut Goebel <address@hidden> writes:
> Am 02.05.2017 um 14:43 schrieb Ludovic Courtès:
>> Hartmut Goebel <address@hidden> skribis:
>>
>>> Am 27.04.2017 um 15:46 schrieb Ludovic Courtès:
>>>> ‘propagated-inputs’ is one way to manually specify run-time references.
>>>> It works at the package level and not at the store level—that is, the
>>>> store item’s references are unaffected by what ‘propagated-inputs’
>>>> contains. It’s usually enough for our purposes though.
>>> I'm not sure if 'propagated-inputs' are enough. For example
>>> "python-passlib" as propagated-input python-py-bcrypt, but the later
>>> does not show up as reference, requisite nor referrer:
>> Right, that’s what I meant by “not at the store level” above.
>>
>> Ludo’.
> So I propose to add a small text file ".guix-dependencies' to all
> language's packages which do not add some kind of references themselves:
> Python, Perl, Java, etc.
I have thought of doing this in the past, but there's another more
difficult problem that would also need to be solved: how to make
grafting work for these non-plaintext references. If grafting doesn't
work, there's a good chance that software with known security flaws will
continue to be executed.
Mark
- Re: store reference detection (was Re: JARs and reference scanning), (continued)
- Re: store reference detection (was Re: JARs and reference scanning), Ricardo Wurmus, 2017/05/08
- Re: store reference detection (was Re: JARs and reference scanning), Ludovic Courtès, 2017/05/08
- Re: store reference detection (was Re: JARs and reference scanning), Chris Marusich, 2017/05/11
- Re: store reference detection (was Re: JARs and reference scanning), Ricardo Wurmus, 2017/05/11
- Re: store reference detection (was Re: JARs and reference scanning), Chris Marusich, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Ricardo Wurmus, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Hartmut Goebel, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Mark H Weaver, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Hartmut Goebel, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Mark H Weaver, 2017/05/12
Re: store reference detection (was Re: JARs and reference scanning),
Mark H Weaver <=
- Re: store reference detection (was Re: JARs and reference scanning), Chris Marusich, 2017/05/12
- Re: store reference detection, Hartmut Goebel, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Mark H Weaver, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Leo Famulari, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Hartmut Goebel, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Mark H Weaver, 2017/05/12
- Re: store reference detection (was Re: JARs and reference scanning), Hartmut Goebel, 2017/05/13
- Re: store reference detection (was Re: JARs and reference scanning), Chris Marusich, 2017/05/23