[Nix-dev] What about introducing security.packages?

Michael Raskin 7c6f434c at mail.ru
Sun Aug 21 17:28:55 CEST 2011



>Another solution would be having a black/white list. If a package should
>be added to DBUS but is contained in neither list tell the user to do
>so. This way users have a choice but won't miss to make the decision.
>
>E.g.:
>
>  systemPackages = [ pkgProvidingDbusConfig pkg2ProvidingDbusConfig pkg3ProvidingDbusConfig ];
>
>  dbus.whitelist= [pkgProvidingDbusConfig];
>  dbus.blacklist= [pkg2ProvidingDbusConfig];
>
>Now nixos-rebuild will fail because pkg3ProvidingDbusConfig is not
>contained in either list.
>
>This is yet another take on it which would satisfy security to some
>extent and make things work because users won't forget to whitelist some
>packages. Thinking about it I'd prefer this one. E.g. we could add
>additional info then:
>
>meta / passthru = {
>  providesDbusConfig = {
>    why = "Without this XY won't work - however security risk might be
>    ...";
>  }
>}
>
>Is complexity a bigger issue than the value this solution provides?
>Don't know. It would minimize questions and debugging. That's why it's
>my favorite. The only downside is that users have to make a choice which
>also is a feature.

The real downside is that one can end up having _multiple_ large
white/blacklists. 

My system-path derivation lists more than 600 paths... I like this way 
of managing package installation; your proposal would make it somewhat
harder...
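
The fail-closed check proposed in the quoted text, sketched as a NixOS module. This is an added example, not part of the original message and not nixpkgs code; the options dbus.whitelist and dbus.blacklist and the providesDbusConfig attribute are the hypothetical names from the proposal, while environment.systemPackages, assertions and services.dbus.packages are existing NixOS options.

```nix
# Added example, not nixpkgs code. dbus.whitelist, dbus.blacklist and
# providesDbusConfig are hypothetical names taken from the quoted proposal.
{ config, lib, ... }:

let
  # Marker from the proposal: looked up in passthru first, then in meta.
  dbusInfo = p: p.providesDbusConfig or (p.meta.providesDbusConfig or null);

  # Only packages that declare DBus configuration need a decision.
  providers = lib.filter (p: dbusInfo p != null) config.environment.systemPackages;

  # Match by store path so the same build is recognised in every list.
  inList = list: p: lib.any (q: q.outPath == p.outPath) list;
  allowed = inList config.dbus.whitelist;
  denied = inList config.dbus.blacklist;

  undecided = lib.filter (p: !(allowed p || denied p)) providers;
  conflicting = lib.filter (p: allowed p && denied p) providers;

  # One line per package, with the packager's stated reason if present.
  describe = p: "  ${p.name}: ${(dbusInfo p).why or "no reason given"}";
  failure = what: ps: "DBus config packages ${what}:\n${lib.concatMapStringsSep "\n" describe ps}";

  listOption = description: lib.mkOption {
    type = lib.types.listOf lib.types.package;
    default = [ ];
    inherit description;
  };
in
{
  options.dbus.whitelist = listOption "Packages whose DBus configuration is installed.";
  options.dbus.blacklist = listOption "Packages whose DBus configuration is withheld.";

  config = {
    # Fail the rebuild (evaluation error) until every provider has a decision.
    assertions = [
      { assertion = undecided == [ ]; message = failure "in neither list" undecided; }
      { assertion = conflicting == [ ]; message = failure "in both lists" conflicting; }
    ];

    # Only whitelisted providers contribute DBus configuration.
    services.dbus.packages = lib.filter allowed providers;
  };
}
```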





