GNU bug report logs - #70022
[PATCH 0/2] Binary Installation: Add more distros.

Previous Next

Package: guix-patches;

Reported by: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>

Date: Tue, 26 Mar 2024 23:47:02 UTC

Severity: normal

Tags: patch

Done: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Bug is archived. No further changes may be made.

Full log

Message #23 received at 70022 <at> debbugs.gnu.org (full text, mbox):

From: Florian Pelz <pelzflorian <at> pelzflorian.de>
To: 70022 <at> debbugs.gnu.org
Cc: Florian Pelz <pelzflorian <at> pelzflorian.de>
Subject: [PATCH v2 1/3] doc: Warn about foreign distro Guix packages' security.
Date: Fri, 12 Apr 2024 14:00:03 +0200

* doc/guix.texi (Binary Installation): Prefix installation instructions
with a warning.

Change-Id: I088c7f00f4c3c8e32bdfd117ea934942930f7513
---
 doc/guix.texi | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 5827e0de14..341e463add 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -741,6 +741,13 @@ Binary Installation
 may be older than @value{VERSION} but you can update it afterwards by
 running @samp{guix pull}.
 
+In the past, occasionally, security vulnerabilities in
+@command{guix-daemon} have been discovered and fixes for them have not
+yet been provided in foreign distribution’s packages.  We advise those
+who install Guix, both from the installation script or by distro
+packages, to also regularly read and follow security notices, as shown
+by @command{guix pull}.
+
 For Debian or a derivative such as Ubuntu, call:
 
 @example

base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6
-- 
2.41.0

This bug report was last modified 1 year and 38 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #70022 [PATCH 0/2] Binary Installation: Add more distros.

GNU bug report logs - #70022
[PATCH 0/2] Binary Installation: Add more distros.