From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id 4BUwESBFBGbOMAEAqHPOHw:P1 (envelope-from ) for ; Wed, 27 Mar 2024 17:11:12 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id 4BUwESBFBGbOMAEAqHPOHw (envelope-from ) for ; Wed, 27 Mar 2024 17:11:12 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=pelzflorian.de header.s=key2 header.b=R9DEA9gp; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1711555872; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=IBogj4j39VCdK98Gihwknl+flDerqggFYlJ+woTdcxQ=; b=LK2v27o6Xw922jjuvmQdp2x8GIElb+P0lm3v5aPCI77NTCLyPvpUrTND81cR+CLK0yMVHK Wqj3OGYIOboGkK5zJ5oD4RyLZ7FhDMDLJHpdGTmyfShfGoWnWepA2kpQwHOwk0WJtwPO6C WI5hSA+i0kN5xWPoe1kXZXNnqP9m4cKoQ03GSOhgDWbslqxaqNsj+0Uz+9PCeXKs9t5Ck8 LjUdUYMwclwo2mfAOQHElTKk711Of3rGy0C0dpTos4FpACNpdTlcQO4N81Oxa5eyv0j3m3 pKjnlcG/Yx0yihC8j4wJ4F/hllD7189z/u3gvQNesEvdtPENMivP04QggDZpcA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=pelzflorian.de header.s=key2 header.b=R9DEA9gp; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1711555872; a=rsa-sha256; cv=none; b=ZDEUPdtGIVDPx9ndZFI2adUR3XqFpjSUQkxZwn/xOsoBmTl9O1lRsAXkxFyW6PPb4ofygH qFC59w2hkwc6MJON4JuQfTDZhVNxkIzG8l+9XxjkguQqHPbO0oCvOEFSp9g045517YyFCm wlAyHoc3651afeZdMjPw8iXONd/huiah5XLEVsd5maY45Q4knYRVfOp+L74SMObBfzSF57 jDKU09RxJpP0/vY1IcxkiJncQdjeokFJUqUm27XDT6Toy1dlNp7XSOcLCkaRhxWhsU0VUG XINR07irJnrM00g461bhZ7gP5lhbpSLXmPfGVV5eeiTjYSjLfFMyvuywaEsy6Q== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id EB6B927172 for ; Wed, 27 Mar 2024 17:11:11 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rpVrl-00055D-QL; Wed, 27 Mar 2024 12:11:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rpVrj-00054I-T1 for guix-patches@gnu.org; Wed, 27 Mar 2024 12:11:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rpVrj-0000Hh-Kz for guix-patches@gnu.org; Wed, 27 Mar 2024 12:11:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rpVrj-000671-N4 for guix-patches@gnu.org; Wed, 27 Mar 2024 12:11:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70022] [PATCH 0/2] Binary Installation: Add more distros. Resent-From: "pelzflorian (Florian Pelz)" Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 27 Mar 2024 16:11:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70022 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Denis 'GNUtoo' Carikli Cc: 70022@debbugs.gnu.org Received: via spool by 70022-submit@debbugs.gnu.org id=B70022.171155580423208 (code B ref 70022); Wed, 27 Mar 2024 16:11:03 +0000 Received: (at 70022) by debbugs.gnu.org; 27 Mar 2024 16:10:04 +0000 Received: from localhost ([127.0.0.1]:38248 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rpVql-00062D-UU for submit@debbugs.gnu.org; Wed, 27 Mar 2024 12:10:04 -0400 Received: from relay.yourmailgateway.de ([194.59.206.189]:40937) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rpVqi-00061M-IQ for 70022@debbugs.gnu.org; Wed, 27 Mar 2024 12:10:02 -0400 Received: from relay02-mors.netcup.net (localhost [127.0.0.1]) by relay02-mors.netcup.net (Postfix) with ESMTPS id 4V4WpZ53c3z43vL; Wed, 27 Mar 2024 17:09:58 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pelzflorian.de; s=key2; t=1711555798; bh=50wL/ZQAkH5y2Yvoki2uA2oQB6fwoI6/esXBwK8EXSU=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=R9DEA9gpR6bDgi4sG+d5bdtArd6fyA0AfE/ddgVzw6c9zod62RtHm5BE8D8cHwZIN rjCMkpIc33yE2HlLfrqwnCdDXeTqqk1nRcqQkKOni3Fnfk9nQWMCqBjc2tah80ybPP 25ye61g0QLF+YgY5+noLScTic22IHn4KlQ2VY+d1spoFNxLvvFpravEVQ2y8YoIOFk mlb0X/4m7IPSQjMAbTeivWQyvP/Hf1GaH8tjVlcXeSRGmF1UYqLz28qKQD2qVZ1IAY ifpOF46VL6sGC62q9ZNwd/g6STmsSOTJOicYd0CZCW9MxckbxGd36vvioyoklvS3l5 QNurfRqKjeivw== Received: from policy02-mors.netcup.net (unknown [46.38.225.35]) by relay02-mors.netcup.net (Postfix) with ESMTPS id 4V4WpZ4h61z7wl8; Wed, 27 Mar 2024 17:09:58 +0100 (CET) Received: from mxe217.netcup.net (unknown [10.243.12.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by policy02-mors.netcup.net (Postfix) with ESMTPS id 4V4WpZ1skDz8sgT; Wed, 27 Mar 2024 17:09:58 +0100 (CET) Received: from florianrock64 (ip92344de0.dynamic.kabel-deutschland.de [146.52.77.224]) by mxe217.netcup.net (Postfix) with ESMTPSA id D35D9834FA; Wed, 27 Mar 2024 17:09:52 +0100 (CET) From: "pelzflorian (Florian Pelz)" In-Reply-To: (Denis Carikli's message of "Wed, 27 Mar 2024 00:45:39 +0100") References: Date: Wed, 27 Mar 2024 17:09:51 +0100 Message-ID: <87wmpnvepc.fsf@pelzflorian.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: D35D9834FA X-Rspamd-Server: rspamd-worker-8404 X-NC-CID: fvL9cxB37+liw3Duun+o/tCHk1DiasNAES043mGRnBTLVMUD43jIWQ66 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Queue-Id: EB6B927172 X-Spam-Score: -5.35 X-Migadu-Spam-Score: -5.35 X-Migadu-Scanner: mx10.migadu.com X-TUID: e1k1wKVxcbq1 Hi Denis. This is in principle a great improvement, however note that recently (4th March or so) a local privilege escalation vulnerability in guix-daemon was discovered and many distros have not fixed it yet, such as AUR and therefore your Parabola pcr package or Debian=E2=80=99s long-term releases, which Debian= =E2=80=99s guix packager complained about . Perhaps we should think about how and where we can also instruct users to upgrade their daemon in a timely manner. This will be different for guix packages (that configure a vulnerable daemon systemd service) and for guix-install (where it is enough to follow the guix pull news file, if the admin actually uses guix pull themself and can see the news). Otherwise LGTM. Regards, Florian