On 04-Jul-2015 4:22 pm, "Ludovic Courtès" <ludo@gnu.org> wrote:

> A related concern is the time it takes to actually deploy the fixed
> binaries on your machine.  This is discussed at:
>
>   http://www.gnu.org/software/guix/manual/html_node/Security-Updates.html

Ok, this is great. Gives sysadmins a chance to affect packages users have
installed rather than having to help or force them to upgrade.

Still, if an installed package is not depending on the latest version of
the vulnerable package, the graft won't reach them. So there is still some
education and continuous information necessary if you want to be on top of
things.

Still, as was mentioned elsewhere in the conversation, if the alternative
is home-rolled software in every home directory, which is probably the
case, then guix is superior in several ways.