Unexporting <user-account>

  • Done
Details
2 participants
  • Ludovic Courtès
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
normal
Ludovic Courtès wrote on 30 Sep 2023 12:10
(address . bug-guix@gnu.org)
87jzs8t1hw.fsf@inria.fr
Hi Maxim,

Commit 03795e2ba27424fc98957da00f6c71325e7ae425 exports the
<user-account> record type descriptor (RTD).

Common practice is to keep RTDs private because by publishing them, we
make it harder to change the ABI (because users might be matching fields
positionally) and we make it trivial for users to forge records of that
type, bypassing any checks we may have in the official constructor (such
as “sanitizers”).

What do you think of reverting this commit? I don’t see references to
<user-account> outside of its module.

(I’m aware there are a few other places where RTDs are exported; I think
we should eventually fix them as well.)

Ludo’.
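
The forging concern raised in this message, as an added example in Guile Scheme (not part of the thread and not Guix code). The `<account>` type, its fields and the UID range check are hypothetical; `record-constructor` is Guile's core procedure for deriving a constructor from an RTD.

```scheme
;; Added example, not Guix code: <account>, its fields and the UID check are
;; hypothetical stand-ins for a record type with a validating constructor.
(use-modules (srfi srfi-9))

(define-record-type <account>
  (%make-account name uid)            ;raw constructor, meant to stay private
  account?
  (name account-name)
  (uid  account-uid))

;; "Official" constructor: the only place where invariants are checked.
(define (make-account name uid)
  (unless (and (string? name) (not (string-null? name)))
    (error "invalid account name" name))
  (unless (and (exact-integer? uid) (<= 1000 uid 60000))
    (error "UID outside the range allowed for regular users" uid))
  (%make-account name uid))

;; A module that exports only 'make-account', 'account?' and the accessors
;; gives clients no way to build an <account> that skipped the checks.
;; With <account> itself exported, a client can derive a raw constructor:
(define forge (record-constructor <account>))

(define checked (make-account "alice" 1000))
(define forged  (forge "" 0))         ;no validation ran

(format #t "checked: ~s ~s~%" (account-name checked) (account-uid checked))
(format #t "forged passes account?: ~s, uid ~s~%"
        (account? forged) (account-uid forged))

;; The same values are rejected by the official constructor.
(format #t "official constructor rejects them: ~s~%"
        (catch #t
          (lambda () (make-account "" 0) #f)
          (lambda _ #t)))
```

Code that trusts `account?` as proof of validation is the part that breaks: the predicate only checks the type, so the forged record is indistinguishable from a checked one.
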
Maxim Cournoyer wrote on 1 Oct 2023 22:28
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 66279@debbugs.gnu.org)
87wmw65bps.fsf@gmail.com
Hi Ludovic,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Maxim,
>
> Commit 03795e2ba27424fc98957da00f6c71325e7ae425 exports the
> <user-account> record type descriptor (RTD).
>
> Common practice is to keep RTDs private because by publishing them, we
> make it harder to change the ABI (because users might be matching fields
> positionally) and we make it trivial for users to forge records of that
> type, bypassing any checks we may have in the official constructor (such
> as “sanitizers”).

Perhaps we should document this? More power to the users!

> What do you think of reverting this commit? I don’t see references to
> <user-account> outside of its module.

I'd like to note there are also valid usages requiring a record type,
such as 'match-record' from (guix records). Otherwise, I don't feel
strongly about it, but if it's done I think the rationale you gave above
should be documented in our contributing guidelines.

--
Thanks,
Maxim
Ludovic Courtès wrote on 5 Oct 2023 23:28
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 66279-done@debbugs.gnu.org)
87h6n421ym.fsf@gnu.org
Hi,

Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hi Maxim,
>>
>> Commit 03795e2ba27424fc98957da00f6c71325e7ae425 exports the
>> <user-account> record type descriptor (RTD).
>>
>> Common practice is to keep RTDs private because by publishing them, we
>> make it harder to change the ABI (because users might be matching fields
>> positionally) and we make it trivial for users to forge records of that
>> type, bypassing any checks we may have in the official constructor (such
>> as “sanitizers”).
>
> Perhaps we should document this? More power to the users!

Done in commit 7b710836a1c7cb921f54ead64f465bcc5333d076, based on what I
wrote above.

>> What do you think of reverting this commit? I don’t see references to
>> <user-account> outside of its module.
>
> I'd like to note there are also valid usages requiring a record type,
> such as 'match-record' from (guix records). Otherwise, I don't feel
> strongly about it, but if it's done I think the rationale you gave above
> should be documented in our contributing guidelines.

Alright, done as well in commit
97927608cb4f9c5d721115f1cb638de17ac38e62.

Thanks,
Ludo’.
Closed
This issue is archived.