guix-science
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: “What’s in a package”

From: Katherine Cox-Buday
Subject: Re: “What’s in a package”
Date: Tue, 21 Sep 2021 15:20:20 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) 
Ludovic Courtès <ludovic.courtes@inria.fr> writes:

> Hello Guix!
>
> I and others are often disappointed (or angry!) when looking at the
> weaknesses of the most popular software deployment tools.  I felt that
> acutely after packaging PyTorch last month and felt the need to look
> more closely at what others are doing and to document our motivation,
> having put so much sweat in all these packages:
>
>   https://hpc.guix.info/blog/2021/09/whats-in-a-package/
>
> It’s probably no news to people here, but the packaging approach has a
> direct impact on verifiability, and thus on security and transparency,
> as expected from a scientific process.  The idea is to explain all that
> looking at the contents of packages, in particular for pip and CONDA.
>
> Feel free to share with non-Guix people and to comment!
>
> Ludo’.

I appreciate this post very much. Setting aside questions of freedom, and 
security -- both of which I value a lot -- the main benefit of Guix has, for 
me, been: simplicity (but not always ease)[1]. I.e., when trying to achieve a 
goal, it is a pain to package things that aren't yet packaged, but what I get 
in return are sane environments, deployments, and meta-data about all of these.

This is perhaps a rehash of the "worse is better"[2] conversation, but I often 
struggle with deciding whether to do things the "fast" way, or the "correct" 
way. I think when your path is clear, the correct way will get you farther, 
faster. But when you're doing experiments, or exploratory programming, being 
bogged down with the "correct" way of doing things (i.e. Guix packages) might 
take a lot of time for no benefit. E.g. maybe you end up packaging a cluster of 
things that you find out don't work out for you. Of course the challenge is: if 
you choose the fast way, and it works out, do you got back to do it the correct 
way so that you're on sound footing?

Bringing this back to Guix, and maybe the GNU philosophy, it has been very 
helpful for me to be able to leverage the flexibility of Guix to occasionally 
do things the "fast" way, perhaps by packaging a binary. Paradoxically, it has 
allowed me to stay within the Guix and free software ecosystem. In my opinion, 
flexibility is key to growing the ecosystem and community, and I would 
encourage Guix as a project to take every opportunity to give the user options.

[1] - https://www.infoq.com/presentations/Simple-Made-Easy/
[2] - https://en.wikipedia.org/wiki/Worse_is_better

-- 
Katherine
reply via email to
[Prev in Thread] Current Thread [Next in Thread]