From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp0.migadu.com ([2001:41d0:303:e16b::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms1.migadu.com with LMTPS
	id QIr9AMAiGWbkDAAAqHPOHw:P1
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 12 Apr 2024 14:02:08 +0200
Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0.migadu.com with LMTPS
	id QIr9AMAiGWbkDAAAqHPOHw
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 12 Apr 2024 14:02:08 +0200
X-Envelope-To: larch@yhetil.org
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=pelzflorian.de header.s=key2 header.b="VE/b+w+7";
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1712923327;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:resent-cc:
	 resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=f5twpaLtO6cLYusGczYu4xWsP+2wjKUCdPEXq+5z/h0=;
	b=Sb0KeRTOTvJPMZYP/WELi2zvAW0fQPmYKi7gYQxLj407COXc6kznIb2rzyTrCS0fc+oUMz
	W8NULmSh0CzyhrEN6ZksS3hTNAeGe/mK8RvPQqcfraLKQcLc04zn349SeSnykhyewRuxg5
	BwkP+6B7kl2i7ImzPC4h0aiEBD1yH00WfJ4j2S6nBj5boTa8KskkZsH8iz61xwqorKGGjn
	qV/WWuMAQYLVAJfyzc2vsGapw9+rZJ9WlHrfJC3Yka3gHkTllg6NhKjmUAFP75xsHe7aPy
	C9XbTY236kXxZvyuKsNmyrSkHi9g6LFP5l8Oi991qPWdW0TjG/nxfe1Md14KCg==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1712923327; a=rsa-sha256; cv=none;
	b=S/RwaMRce56Eq7XDHjwbJRR6AMd6FZ0sRmVn4hiNQA7IWZfWjbeRa73GNCSEKSPnrt+7YN
	oe3rmkgbry0KQVdj+eLEMf9UcQ35MmkOsfTUd+3kY3YrBTwBdMr3DvovRkX8htQvRMoYSB
	Ryi5BeMq/TpItmxPQ/9olm0+vR3cC5CbhPMy30QxHSNVsPZEHzlEZVZmj1WOP5lWcDvAxT
	xX8RiFT6GmYwjFlyuZiMW4UaoF+u16iMKA8Vku4XQk2qvo3G6YWD7Y93sz5fY8pbUGUYKs
	RYPeetaW+8VQ3cp4RwXPMVHx9rQKZ6sb9ZAAgzrQbArCTO7j/BpFPPS3wqOjxA==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=pelzflorian.de header.s=key2 header.b="VE/b+w+7";
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=none
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 900DF3C8A6
	for <larch@yhetil.org>; Fri, 12 Apr 2024 14:02:07 +0200 (CEST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1rvFbP-0000Cf-UM; Fri, 12 Apr 2024 08:01:55 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1rvFbN-0000Bs-KX
 for guix-patches@gnu.org; Fri, 12 Apr 2024 08:01:53 -0400
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1rvFbN-0007Ov-Br
 for guix-patches@gnu.org; Fri, 12 Apr 2024 08:01:53 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1rvFbW-0005qp-P3
 for guix-patches@gnu.org; Fri, 12 Apr 2024 08:02:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#70022] [PATCH v2 1/3] doc: Warn about foreign distro Guix
 packages' security.
References: <cover.1711495227.git.GNUtoo@cyberdimension.org>
In-Reply-To: <cover.1711495227.git.GNUtoo@cyberdimension.org>
Resent-From: Florian Pelz <pelzflorian@pelzflorian.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 12 Apr 2024 12:02:02 +0000
Resent-Message-ID: <handler.70022.B70022.171292326821939@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 70022
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 70022@debbugs.gnu.org
Cc: Florian Pelz <pelzflorian@pelzflorian.de>
Received: via spool by 70022-submit@debbugs.gnu.org id=B70022.171292326821939
 (code B ref 70022); Fri, 12 Apr 2024 12:02:02 +0000
Received: (at 70022) by debbugs.gnu.org; 12 Apr 2024 12:01:08 +0000
Received: from localhost ([127.0.0.1]:58072 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1rvFad-0005hZ-6c
 for submit@debbugs.gnu.org; Fri, 12 Apr 2024 08:01:08 -0400
Received: from relay.yourmailgateway.de ([188.68.63.174]:44547)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pelzflorian@pelzflorian.de>) id 1rvFaX-0005fi-9v
 for 70022@debbugs.gnu.org; Fri, 12 Apr 2024 08:01:06 -0400
Received: from mors-relay8204.netcup.net (localhost [127.0.0.1])
 by mors-relay8204.netcup.net (Postfix) with ESMTPS id 4VGFWk06XVz8Zvp
 for <70022@debbugs.gnu.org>; Fri, 12 Apr 2024 12:00:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pelzflorian.de;
 s=key2; t=1712923250;
 bh=Jl+CdcNijJ0Zm40sF8xBxNlfCv+pfoCCtUOX+OcoOUs=;
 h=From:To:Cc:Subject:Date:From;
 b=VE/b+w+7dPJOpqULQrtZQuQ4hOqE3iV2Bd4wyHIqKWh6aNRvOGBKulTdw6x6k7aER
 NdPQLBcYmUWQl9rcMb8CGLFcMtFW+HKNcL8liwfqBuRBGGuFXc9ZaRAAZx66IQZxiD
 QaUUf/zddZxlbnHO0seq7/qieN+qflZNELM6JXu578kXExdkI+2lqYQ2mX4rMGKS2V
 1ntHRAZKEZLmrZ/RYs7jSPwpNUCCptoiaJEvrwC2Sk0mTuLr0lVEBmWtyvrRrW9j7m
 LGWtVIVAyLoRsPA0kvXzQx7JEiV4bO7jUstFZsPtgyDdJNPHTXNmlKFf3Q0f7pT8KJ
 k0QPD0yDle4xw==
Received: from policy02-mors.netcup.net (unknown [46.38.225.35])
 by mors-relay8204.netcup.net (Postfix) with ESMTPS id 4VGFWj6WtXz8ZtS
 for <70022@debbugs.gnu.org>; Fri, 12 Apr 2024 12:00:49 +0000 (UTC)
Received: from mxe217.netcup.net (unknown [10.243.12.53])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by policy02-mors.netcup.net (Postfix) with ESMTPS id 4VGFWj4rvxz8scg
 for <70022@debbugs.gnu.org>; Fri, 12 Apr 2024 14:00:49 +0200 (CEST)
Received: from florianrock64.fritz.box
 (ip92344de0.dynamic.kabel-deutschland.de [146.52.77.224])
 by mxe217.netcup.net (Postfix) with ESMTPSA id 4C08482DB5;
 Fri, 12 Apr 2024 14:00:44 +0200 (CEST)
From: Florian Pelz <pelzflorian@pelzflorian.de>
Date: Fri, 12 Apr 2024 14:00:03 +0200
Message-ID: <2339cdf5f4e8f03988396152b9e7e5ad0ea018ff.1712923204.git.pelzflorian@pelzflorian.de>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4C08482DB5
X-Rspamd-Server: rspamd-worker-8404
X-NC-CID: 4QHPQcnA0OicKu04ogBqOnoQldGPIq7IXPUytW1zMKWnGSwAbRRcczOi
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: guix-patches-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
X-Migadu-Spam-Score: -4.38
X-Spam-Score: -4.38
X-Migadu-Queue-Id: 900DF3C8A6
X-Migadu-Scanner: mx13.migadu.com
X-TUID: ixV3hL8BBXAa

* doc/guix.texi (Binary Installation): Prefix installation instructions
with a warning.

Change-Id: I088c7f00f4c3c8e32bdfd117ea934942930f7513
---
 doc/guix.texi | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 5827e0de14..341e463add 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -741,6 +741,13 @@ Binary Installation
 may be older than @value{VERSION} but you can update it afterwards by
 running @samp{guix pull}.
 
+In the past, occasionally, security vulnerabilities in
+@command{guix-daemon} have been discovered and fixes for them have not
+yet been provided in foreign distribution’s packages.  We advise those
+who install Guix, both from the installation script or by distro
+packages, to also regularly read and follow security notices, as shown
+by @command{guix pull}.
+
 For Debian or a derivative such as Ubuntu, call:
 
 @example

base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6
-- 
2.41.0