diff options
author | pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> | 2022-11-19 13:09:31 +0100 |
---|---|---|
committer | Florian Pelz <pelzflorian@pelzflorian.de> | 2022-11-22 15:36:25 +0100 |
commit | b8d4c323f5d089dd800b358143d5bae26c965404 (patch) | |
tree | 1abfcf890720fa433c1f938cdf47c4f622c60b14 /doc/guix.texi | |
parent | a44d6e1ea28ec2ac22ba5699a66817320ddbe915 (diff) | |
download | guix-b8d4c323f5d089dd800b358143d5bae26c965404.tar.gz |
doc: Call out potential for security vulnerabilities in old software.
* doc/guix.texi (Invoking guix time-machine): Add a note. Co-authored by: Simon Tournier <zimon.toutoune@gmail.com>
Diffstat (limited to 'doc/guix.texi')
-rw-r--r-- | doc/guix.texi | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 9155b605f2..c0cb24d709 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -60,7 +60,7 @@ Copyright @copyright{} 2018, 2021 Oleg Pykhalov@* Copyright @copyright{} 2018 Mike Gerwitz@* Copyright @copyright{} 2018 Pierre-Antoine Rouby@* Copyright @copyright{} 2018, 2019 Gábor Boskovits@* -Copyright @copyright{} 2018, 2019, 2020 Florian Pelz@* +Copyright @copyright{} 2018, 2019, 2020, 2022 Florian Pelz@* Copyright @copyright{} 2018 Laura Lazzati@* Copyright @copyright{} 2018 Alex Vong@* Copyright @copyright{} 2019 Josh Holland@* @@ -4834,6 +4834,15 @@ invocation can be expensive: it may have to download or even build a large number of packages; the result is cached though and subsequent commands targeting the same commit are almost instantaneous. +@quotation Note +The history of Guix is immutable and @command{guix time-machine} +provides the exact same software as they are in a specific Guix +revision. Naturally, no security fixes are provided for old versions +of Guix or its channels. A careless use of @command{guix time-machine} +opens the door to security vulnerabilities. @xref{Invoking guix pull, +@option{--allow-downgrades}}. +@end quotation + The general syntax is: @example |