GNU bug report logs - #59383
[PATCH] doc: Call out potential for downgrade attacks with time-machine.


Package: guix-patches;

Reported by: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Date: Sat, 19 Nov 2022 12:10:02 UTC

Severity: normal

Tags: patch

Done: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Bug is archived. No further changes may be made.


From: Ludovic Courtès <ludo <at> gnu.org>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>, 59383 <at> debbugs.gnu.org
Subject: [bug#59383] [PATCH] doc: Call out potential for downgrade attacks with time-machine.
Date: Tue, 22 Nov 2022 08:58:08 +0100
Hi,

zimoun <zimon.toutoune <at> gmail.com> skribis:

> @quotation Note
> The history of Guix is immutable and @command{guix time-machine}
> provides the exact same software as they are in a specific Guix
> revision.  Naturally, no security fixes are provided for old versions
> of Guix or its channels.  A careless use of @command{guix time-machine}
> opens the door to security vulnerabilities @xref{Invoking guix pull,
> @option{--allow-downgrades}}.
> @end quotation

I like that wording.  Florian, WDYT?

Ludo’.




This bug report was last modified 2 years and 232 days ago.
