[bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine.

[zimoun]

Hi,

On Sat, 19 Nov 2022 at 18:39, "pelzflorian (Florian Pelz)" 
<pelzflorian@pelzflorian.de> wrote:

>>> @quotation Note
>>> Naturally, no security fixes can be provided for old versions of Guix
>>> or its channels.  This also means that careless use of @command{guix
>>> time-machine} opens the door to downgrade attacks.
>>> @xref{Invoking guix pull, @option{--allow-downgrades}}.
>>> @end quotation
>>
>> ‘Attack’ is a very big word.  It should not end a paragraph.  What
>> would the downgrade attack—distinct from a downgrade—look like?

Why not something like,

--8<---------------cut here---------------start------------->8---
@quotation Note
The history of Guix is immutable and @command{guix time-machine}
provides the exact same software as they are in a specific Guix
revision.  Naturally, no security fixes are provided for old versions
of Guix or its channels.  A careless use of @command{guix time-machine}
opens the door to security vulnerabilities @xref{Invoking guix pull,
@option{--allow-downgrades}}.
@end quotation
--8<---------------cut here---------------end--------------->8---

?

Cheers,
simon