[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
branch master updated: doc: Call out potential for security vulnerabilit
|
From: |
guix-commits |
|
Subject: |
branch master updated: doc: Call out potential for security vulnerabilities in old software. |
|
Date: |
Tue, 22 Nov 2022 09:41:40 -0500 |
This is an automated email from the git hooks/post-receive script.
pelzflorian pushed a commit to branch master
in repository guix.
The following commit(s) were added to refs/heads/master by this push:
new b8d4c323f5 doc: Call out potential for security vulnerabilities in old
software.
b8d4c323f5 is described below
commit b8d4c323f5d089dd800b358143d5bae26c965404
Author: pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de>
AuthorDate: Sat Nov 19 13:09:31 2022 +0100
doc: Call out potential for security vulnerabilities in old software.
* doc/guix.texi (Invoking guix time-machine): Add a note.
Co-authored by: Simon Tournier <zimon.toutoune@gmail.com>
---
doc/guix.texi | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 9155b605f2..c0cb24d709 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -60,7 +60,7 @@ Copyright @copyright{} 2018, 2021 Oleg Pykhalov@*
Copyright @copyright{} 2018 Mike Gerwitz@*
Copyright @copyright{} 2018 Pierre-Antoine Rouby@*
Copyright @copyright{} 2018, 2019 Gábor Boskovits@*
-Copyright @copyright{} 2018, 2019, 2020 Florian Pelz@*
+Copyright @copyright{} 2018, 2019, 2020, 2022 Florian Pelz@*
Copyright @copyright{} 2018 Laura Lazzati@*
Copyright @copyright{} 2018 Alex Vong@*
Copyright @copyright{} 2019 Josh Holland@*
@@ -4834,6 +4834,15 @@ invocation can be expensive: it may have to download or
even build a
large number of packages; the result is cached though and subsequent
commands targeting the same commit are almost instantaneous.
+@quotation Note
+The history of Guix is immutable and @command{guix time-machine}
+provides the exact same software as they are in a specific Guix
+revision. Naturally, no security fixes are provided for old versions
+of Guix or its channels. A careless use of @command{guix time-machine}
+opens the door to security vulnerabilities. @xref{Invoking guix pull,
+@option{--allow-downgrades}}.
+@end quotation
+
The general syntax is:
@example
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- branch master updated: doc: Call out potential for security vulnerabilities in old software.,
guix-commits <=