From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp11.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id MHR/GKnHeGM9yAAAbAwnHQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 19 Nov 2022 13:10:17 +0100
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp11.migadu.com with LMTPS
	id 8DCFGKnHeGM9pgAA9RJhRA
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sat, 19 Nov 2022 13:10:17 +0100
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 1ABF31A516
	for <larch@yhetil.org>; Sat, 19 Nov 2022 13:10:17 +0100 (CET)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1owMfe-0008Kb-Hr; Sat, 19 Nov 2022 07:10:06 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1owMfc-0008Go-DT
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:10:04 -0500
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1owMfb-0001kZ-1D
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:10:03 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1owMfa-0001RL-FH
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:10:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#59383] [PATCH] doc: Call out potential for downgrade attacks
 with time-machine.
Resent-From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sat, 19 Nov 2022 12:10:02 +0000
Resent-Message-ID: <handler.59383.B.16688597835502@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 59383
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 59383@debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.16688597835502
 (code B ref -1); Sat, 19 Nov 2022 12:10:02 +0000
Received: (at submit) by debbugs.gnu.org; 19 Nov 2022 12:09:43 +0000
Received: from localhost ([127.0.0.1]:39194 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1owMfH-0001Qf-3L
 for submit@debbugs.gnu.org; Sat, 19 Nov 2022 07:09:43 -0500
Received: from lists.gnu.org ([209.51.188.17]:45958)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pelzflorian@pelzflorian.de>) id 1owMfD-0001QW-Sn
 for submit@debbugs.gnu.org; Sat, 19 Nov 2022 07:09:40 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pelzflorian@pelzflorian.de>)
 id 1owMfD-0007lE-1E
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:09:39 -0500
Received: from relay.yourmailgateway.de ([188.68.61.103])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pelzflorian@pelzflorian.de>)
 id 1owMfB-0001ah-0v
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:09:38 -0500
Received: from mors-relay-8403.netcup.net (localhost [127.0.0.1])
 by mors-relay-8403.netcup.net (Postfix) with ESMTPS id 4NDssB53Twz8FyW
 for <guix-patches@gnu.org>; Sat, 19 Nov 2022 13:09:34 +0100 (CET)
Received: from policy02-mors.netcup.net (unknown [46.38.225.35])
 by mors-relay-8403.netcup.net (Postfix) with ESMTPS id 4NDssB4fcdz8FyV
 for <guix-patches@gnu.org>; Sat, 19 Nov 2022 13:09:34 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at policy02-mors.netcup.net
Received: from mxe217.netcup.net (unknown [10.243.12.53])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by policy02-mors.netcup.net (Postfix) with ESMTPS id 4NDssB1gp2z8sZj
 for <guix-patches@gnu.org>; Sat, 19 Nov 2022 13:09:33 +0100 (CET)
Received: from florianrock64 (ip5b40a50f.dynamic.kabel-deutschland.de
 [91.64.165.15])
 by mxe217.netcup.net (Postfix) with ESMTPSA id DDE5B9EC28
 for <guix-patches@gnu.org>; Sat, 19 Nov 2022 13:09:32 +0100 (CET)
From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
Date: Sat, 19 Nov 2022 13:09:31 +0100
Message-ID: <87v8nbjgck.fsf@pelzflorian.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: DDE5B9EC28
X-Spamd-Result: default: False [-5.60 / 15.00]; BAYES_HAM(-5.50)[99.99%];
 MIME_GOOD(-0.10)[text/plain]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:3209, ipnet:91.64.0.0/14, country:DE];
 RCVD_COUNT_ZERO(0.00)[0]; RCPT_COUNT_ONE(0.00)[1];
 TO_DN_NONE(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 ARC_NA(0.00)[]
X-Rspamd-Server: rspamd-worker-8404
X-NC-CID: ip98Zx+PmbU45acym2xo8CtWj6pFnurWd7hiUPMAmMvldKgJvFK9yDzH
Received-SPF: none client-ip=188.68.61.103;
 envelope-from=pelzflorian@pelzflorian.de; helo=relay.yourmailgateway.de
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001,
 SPF_HELO_PASS=-0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: guix-patches-bounces+larch=yhetil.org@gnu.org
X-Migadu-Flow: FLOW_IN
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1668859817;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:resent-cc:
	 resent-from:resent-sender:resent-message-id:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=uRbjNkbLxVtRM3infwJrJLd9wHJpO+hEmMBuNN3BGFY=;
	b=XNbCa8U4eEKtGU0sOQjI2n6lKK8M1Ls9p7asaovNLSluRREvXUU9ju1vQ7wwqLQyROJdno
	sdhuI9yAy1uGakTgIdJEyDtDKQr6JdR5BUS4Zs8VH6n7XcdE0vMoafYsXMuQYuDJOeUX5d
	KoT8DmWCyrsIgpdfqtk/aBsMnviK81N4TlmSUw8oGFQSu7OWqH6ukixbmNbTEgkPmaTbHY
	iwru7nhylyo4AN/BMqNUwq7wXl3jBRWNFeSw7lEll/XItXH0vEfvXf04xcCsffzSM/lJgg
	XRvnywSHJT3fecFFlvrSgfHRudXKDQWVFVYj7wOUb6j+phs/G7GNUrl2V+iI0w==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1668859817; a=rsa-sha256; cv=none;
	b=Ky9kkyuRouWAbvry8C8ORdMRp3ROtdhhHFpSMVLHFpF4hfoU8GTKiNVE8xLylFzNcJNjan
	BmK/iOVNt/hY+5tCDxkajEgdBaRo9UDh5cpioo/S5OKF1A0yIpeYKC9Fw3uUcBEZF5repz
	xSazjexxdXdABORDjl3MNfIcmx80MwvSO0csyWBHr1ZAAZTzW4AaZ6YOpdaMs+usG0FCLH
	MGC9dZFQLt1JMPtCv4kfPNJaXar0E2b5LnP1IhkrLfNawWeueiB7LUNC27Pg8pGTFJ2Ina
	hx1VlONcMAUtWpVfaBNI7ZeAgBmijuFeSbNcpS+y+CqFaW0l4DqviubiSh6fLw==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: -4.31
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 1ABF31A516
X-Spam-Score: -4.31
X-Migadu-Scanner: scn0.migadu.com
X-TUID: nX193T5vjyIb

* doc/guix.texi (Invoking guix time-machine): Add a note.
---
 doc/guix.texi | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index eaecfd0daa..c29db13be6 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -60,7 +60,7 @@
 Copyright @copyright{} 2018 Mike Gerwitz@*
 Copyright @copyright{} 2018 Pierre-Antoine Rouby@*
 Copyright @copyright{} 2018, 2019 G=C3=A1bor Boskovits@*
-Copyright @copyright{} 2018, 2019, 2020 Florian Pelz@*
+Copyright @copyright{} 2018, 2019, 2020, 2022 Florian Pelz@*
 Copyright @copyright{} 2018 Laura Lazzati@*
 Copyright @copyright{} 2018 Alex Vong@*
 Copyright @copyright{} 2019 Josh Holland@*
@@ -4834,6 +4834,13 @@ Invoking guix time-machine
 large number of packages; the result is cached though and subsequent
 commands targeting the same commit are almost instantaneous.
=20
+@quotation Note
+Naturally, no security fixes can be provided for old versions of Guix
+or its channels.  This also means that careless use of @command{guix
+time-machine} opens the door to downgrade attacks.
+@xref{Invoking guix pull, @option{--allow-downgrades}}.
+@end quotation
+
 The general syntax is:
=20
 @example

base-commit: 7502af793172714b2b322c21ba2379c698108ef2
--=20
2.38.0