GNU bug report logs - #59383
[PATCH] doc: Call out potential for downgrade attacks with time-machine.

Previous Next

Package: guix-patches;

Reported by: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Date: Sat, 19 Nov 2022 12:10:02 UTC

Severity: normal

Tags: patch

Done: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
Cc: 59383 <at> debbugs.gnu.org
Subject: [bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine.
Date: Sat, 19 Nov 2022 14:37:16 +0100

[Message part 1 (text/plain, inline)]

Hi Florian,

and thanks for the patch.

pelzflorian (Florian Pelz) 写道：
> +@quotation Note
> +Naturally, no security fixes can be provided for old versions 
> of Guix
> +or its channels.  This also means that careless use of 
> @command{guix
> +time-machine} opens the door to downgrade attacks.
> +@xref{Invoking guix pull, @option{--allow-downgrades}}.
> +@end quotation

‘Attack’ is a very big word.  It should not end a paragraph.  What 
would the downgrade attack—distinct from a downgrade—look like?

Kind regards,

T G-R

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 2 years and 232 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #59383 [PATCH] doc: Call out potential for downgrade attacks with time-machine.

GNU bug report logs - #59383
[PATCH] doc: Call out potential for downgrade attacks with time-machine.