guix-patches

[bug#59383] [PATCH] doc: Call out potential for downgrade attacks with t


From: pelzflorian (Florian Pelz)
Subject: [bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine.
Date: Sat, 19 Nov 2022 18:39:50 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)

Hi Tobias, thanks for your thoughts.

Tobias Geerinckx-Rice <me@tobias.gr> writes:
> pelzflorian (Florian Pelz) writes:
>> @quotation Note
>> Naturally, no security fixes can be provided for old versions of Guix
>> or its channels.  This also means that careless use of @command{guix
>> time-machine} opens the door to downgrade attacks.
>> @xref{Invoking guix pull, @option{--allow-downgrades}}.
>> @end quotation
> ‘Attack’ is a very big word.  It should not end a paragraph.  What
> would the downgrade attack—distinct from a downgrade—look like?

My choice of words was the same as in the unattended upgrades service,
but perhaps I should add before the @xref:

Suggestions to ``just use the time machine'' could be attempts to trick
people to use old software.  But they can also get you back to a working
state.

Regards,
Florian




