blob: cf1d25b9c1bd91f4cf1c55416cf814016ad225a0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
# When binderlite finds an unkown package in a guix manifest
What do we do if binderlite finds a package that is not in upstream guix in a
manifest?
This is what it currently does:
```
guix environment: error: guile-pipe: unknown package
guix environment: error: failed to load '/tmp/notebooks/jgarte/guile-notebook-genenetwork-api/guix.scm':
gnu/packages.scm:543:4: In procedure specification->package+output:
Throw to key `quit' with args `(1)'.
```
Should we send the user to a 404 Package not Found page and tell them to package
it and submit a patch to upstream before using it in a binderlite container?
=> https://github.com/jgarte/guile-notebook-genenetwork-api/blob/master/guix.scm manifest attempted from
=> https://github.com/joshwalters/guile-pipe the unkown package
## Open questions/Ideas
Should binderlite support building containers with packages from third party
Guix Channels or only packages trusted from upstream?
If yes, how should binderlite users specify/request a channel to subscribe to?
Or, should channels be managed by the sysadmin only for security reasons?
It's probably a security risk since a guix channel can pull in arbitrary
packaged code that might not be audited or fully trusted.
## Tags
* type: bug
* assigned: jgart
* status: unclear
* keywords: binderlite, notebooks
* priority: high
|