From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id GB5TDYgKYWYgHAEAqHPOHw:P1 (envelope-from ) for ; Thu, 06 Jun 2024 03:02:00 +0200 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id GB5TDYgKYWYgHAEAqHPOHw (envelope-from ) for ; Thu, 06 Jun 2024 03:02:00 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=lLeDKe4b; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1717635720; a=rsa-sha256; cv=none; b=WuWw58U3qZZXc+wHuW9WhG4W/CCX85omALfJEBMyK3cz8Yc0ZKzNkqKc1zGdUMhG4wQ5KQ pSQmCMIejn/g3qDF+YNGqspkSKcMyvmsWGGpfF0XAOq1JNYeSvpP1Opnq9Mf+wWI2yhvFx L8M8pcHkP0XxIgKbH8hL0oidCNmTC9+f6M/b7DG366lOz6688WE3tiRmvlWQA3BRJ2C9Ku M11RrV9pg2duKIC1oVQav2csYU/AtJyquSg5/Eo1vecizNKzDVaKEvR+K3dIDMLRZGaZUS TL3NrlqDtL+m1ia9H6F1YbM+k4Lp76jH4pWO20BwzDQoE/9fzRKZvnVGQSMzcw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=lLeDKe4b; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1717635720; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=o8Foa+Up3nFRRs9klDzfWkF8gvLh0tBN5Py/WOvvUGI=; b=KVuAcwPa1UjXJDjeBN2dDyyKvqgEtSjqTXdvja7Z50S2g2eTxb7LmkQqa+qbeRrxpFTwXe 5YPLuRv4LyeGrWwqGFQuXy2YfS+nmsXVR94CsfFric3SmzzJPMB2yw6a1USgQfX/tA9ocg +5H9fqE12kxd5n8OAomrWP3hU60VErZCgDct67Ls4+GoUlrQzMXApQLMxUl9PmPi7Xwixm 7BvD0JWnOLsbHBahwvP/OajnQQbIv+XitzeASYWwvH8GajT67KOoBV5iUHnZ56jRas6FYd +EpslRoygwXLSlVGYr/GeHVUG1ncjRnhyIYRLpdQxOl2wn53d1dpjoZChKm9PQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 0307C1EF88 for ; Thu, 6 Jun 2024 03:02:00 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sF1Vm-0003cG-0H; Wed, 05 Jun 2024 21:01:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sF1Vk-0003bs-Ix for guix-patches@gnu.org; Wed, 05 Jun 2024 21:01:48 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sF1Vk-00049p-AI for guix-patches@gnu.org; Wed, 05 Jun 2024 21:01:48 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sF1Vy-0004J9-Ho for guix-patches@gnu.org; Wed, 05 Jun 2024 21:02:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70022] [PATCH v3 1/3] doc: Warn about foreign distro Guix packages' security. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 06 Jun 2024 01:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70022 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Florian Pelz Cc: 70022@debbugs.gnu.org Received: via spool by 70022-submit@debbugs.gnu.org id=B70022.171763566616408 (code B ref 70022); Thu, 06 Jun 2024 01:02:02 +0000 Received: (at 70022) by debbugs.gnu.org; 6 Jun 2024 01:01:06 +0000 Received: from localhost ([127.0.0.1]:52836 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sF1V3-0004GZ-JO for submit@debbugs.gnu.org; Wed, 05 Jun 2024 21:01:06 -0400 Received: from mail-qv1-f41.google.com ([209.85.219.41]:61647) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sF1V1-0004Fn-Gg for 70022@debbugs.gnu.org; Wed, 05 Jun 2024 21:01:03 -0400 Received: by mail-qv1-f41.google.com with SMTP id 6a1803df08f44-6af27d0c9f8so1909126d6.2 for <70022@debbugs.gnu.org>; Wed, 05 Jun 2024 18:00:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717635583; x=1718240383; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=o8Foa+Up3nFRRs9klDzfWkF8gvLh0tBN5Py/WOvvUGI=; b=lLeDKe4bfXgPcYfKza0dGNTawFUTOfLMYXT+H2u2kbB6KCnfVmwp750UvrB5RZPvyY hqIfL5L0AoS7KMmVj8uCQjcXvB+1HXmEPVArIOW/XnhMqwKt1v7fW8CIVBcBZ488T8wW YlkOXIuaXq7V4HsW7DfuErG32c6u0TJ5CWJ5Uvbw1tuMDjNfD+SwLHv67j2+a4Vi9Me5 Qz7tqu+JkbLk6+asw/UPlxF+AEH7mH/OaNlaeih21QOEq5bDpr9VIUzkiMuEdITO2i7V 0P98gcUH8BQGY6+o3LousUyslkbJgqzDg9FPamxizsyWM7cc5i18g7KsmCVaPpIPXi+s x8kQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717635583; x=1718240383; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=o8Foa+Up3nFRRs9klDzfWkF8gvLh0tBN5Py/WOvvUGI=; b=J9trC8j+ENxEFIcn81rEo1A2SxqT2H8KKmTxtgBEYxDFpBr4bXGz6ltdAVZDv+fn2L oD/P4O0vkEHAvmWgMMgkRSsYPL6tKsu6x23/nq/UdYi2KhV4ZAajXoiT5OKWWbabYwVR gkgyuP9JW6eCm+R2UnDnArM3VDE+2O74duRiJeiuJ7hvD516G/crdBYwQ2Sw+NnrK6z7 8wGPn2zTHfZkWjoqoefNZyfvEhiZO4T1lZqm9CZALFEkVMN6prpzNbdL0gyCyuIDode9 J3VKlURydT2iJ+gd2XUnBpvDeD11LubzHEA+LlvLDbUo63LUQ1NpfuMRE+Ql890oqBWJ 9H5Q== X-Gm-Message-State: AOJu0YzWt4hz7sAaKxKUbCpPLNyBxeKqwfo/x8EM+kxw5Sh6IsXs14Bs xUwSMDLbyiq+o8vBc6pICOtXSOVgrF4JvSmEpTzapah9O/4cB88d5Qnetgp/ X-Google-Smtp-Source: AGHT+IGZNSOveMgUJAV28ZD/yf5jJLaW1EZoCBQ8EQwDW65Y9woSv9Xr3WZGHzm78VCP279m1+pwlA== X-Received: by 2002:a05:6214:3b86:b0:6b0:48fb:138e with SMTP id 6a1803df08f44-6b048fb13eamr25963726d6.14.1717635583051; Wed, 05 Jun 2024 17:59:43 -0700 (PDT) Received: from hurd (dsl-10-133-150.b2b2c.ca. [72.10.133.150]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6b04f9fa5b5sm1142556d6.127.2024.06.05.17.59.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Jun 2024 17:59:41 -0700 (PDT) From: Maxim Cournoyer In-Reply-To: <3ebf53b234f198e123437b7928df5895eb7386fd.1712992731.git.pelzflorian@pelzflorian.de> (Florian Pelz's message of "Sat, 13 Apr 2024 09:18:50 +0200") References: <3ebf53b234f198e123437b7928df5895eb7386fd.1712992731.git.pelzflorian@pelzflorian.de> Date: Wed, 05 Jun 2024 20:59:40 -0400 Message-ID: <8734pq3myr.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Queue-Id: 0307C1EF88 X-Migadu-Scanner: mx12.migadu.com X-Migadu-Spam-Score: 4.16 X-Spam-Score: 4.16 X-TUID: 1DlwY48FumuU Hi, Florian Pelz writes: > * doc/guix.texi (Binary Installation): Prefix installation instructions > with a warning. > > Change-Id: I088c7f00f4c3c8e32bdfd117ea934942930f7513 > --- > doc/guix.texi | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/doc/guix.texi b/doc/guix.texi > index 5efbd00984..f6bbed1de3 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -741,6 +741,13 @@ Binary Installation > may be older than @value{VERSION} but you can update it afterwards by > running @samp{guix pull}. > > +In the past, lately, security vulnerabilities in @command{guix-daemon} The s/lately, // ? (removing that part, which seems unnecessary) > +have been discovered and fixes for them have not yet been provided in Perhaps, 's/have not yet been provided/have yet to be provided/ > +foreign distributions' packages. We advise those who install Guix, 'in foreign distributions' (without 'packages') seems sufficient to me. > +both from the installation script or by distro packages, to also Perhaps, 'or via the native package manager of their foreign distribution' ? -- Thanks, Maxim