GNU bug report logs - #48146
Getting diverted to non-updated branches: a limitation of the authentication mechanism?

Package: guix;

Reported by: Maxime Devos <maximedevos <at> telenet.be>

Date: Sat, 1 May 2021 21:41:01 UTC

Severity: normal

Tags: security

Message #8 received at 48146 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Maxime Devos <maximedevos <at> telenet.be>
Cc: 48146 <at> debbugs.gnu.org
Subject: Re: bug#48146: Getting diverted to non-updated branches: a
 limitation of the authentication mechanism?
Date: Sun, 2 May 2021 00:09:50 -0400

On Sat, May 01, 2021 at 11:40:01PM +0200, Maxime Devos wrote:
> Tags: + security
> 
> Hi guix,
> 
> Consider the following situation:

Check this blog post and The Update Framework's concept of "indefinite
freeze attacks", which I think is what you are describing:

https://guix.gnu.org/en/blog/2020/securing-updates/
https://theupdateframework.io/ (check the "specification")

This bug report was last modified 4 years and 40 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #48146 Getting diverted to non-updated branches: a limitation of the authentication mechanism?

GNU bug report logs - #48146
Getting diverted to non-updated branches: a limitation of the authentication mechanism?