From patchwork Sat Apr 13 07:18:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "pelzflorian (Florian Pelz)" X-Patchwork-Id: 62951 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 77EB727BBEA; Sat, 13 Apr 2024 08:24:11 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 30A9C27BBE9 for ; Sat, 13 Apr 2024 08:24:09 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rvXju-0007H1-Nd; Sat, 13 Apr 2024 03:23:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rvXjs-0007Fz-Iz for guix-patches@gnu.org; Sat, 13 Apr 2024 03:23:52 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rvXjr-0007lk-MW for guix-patches@gnu.org; Sat, 13 Apr 2024 03:23:51 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rvXk1-0001Zs-Vd for guix-patches@gnu.org; Sat, 13 Apr 2024 03:24:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70022] [PATCH v3 1/3] doc: Warn about foreign distro Guix packages' security. References: In-Reply-To: Resent-From: Florian Pelz Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 13 Apr 2024 07:24:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70022 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70022@debbugs.gnu.org Cc: Florian Pelz Received: via spool by 70022-submit@debbugs.gnu.org id=B70022.17129930315991 (code B ref 70022); Sat, 13 Apr 2024 07:24:01 +0000 Received: (at 70022) by debbugs.gnu.org; 13 Apr 2024 07:23:51 +0000 Received: from localhost ([127.0.0.1]:59938 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvXjq-0001YX-GD for submit@debbugs.gnu.org; Sat, 13 Apr 2024 03:23:50 -0400 Received: from relay.yourmailgateway.de ([188.68.63.98]:57297) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvXjn-0001YC-NH for 70022@debbugs.gnu.org; Sat, 13 Apr 2024 03:23:48 -0400 Received: from mors-relay-2501.netcup.net (localhost [127.0.0.1]) by mors-relay-2501.netcup.net (Postfix) with ESMTPS id 4VGlKM6cJxz61J7 for <70022@debbugs.gnu.org>; Sat, 13 Apr 2024 09:23:35 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pelzflorian.de; s=key2; t=1712993015; bh=a5cVmpsggbCfbF6SCKKYaTHSGbF93WYYl73Mzm2e+KY=; h=From:To:Cc:Subject:Date:From; b=HRBDxaun5qp/pez3kfhGg6npoaHm7+N/yAWC2/09Hp9mqMG5prFjlayQPtUTu0ScU xAbzfJkZ4u/00frsQVb82kPvvLcLsqHpCXwG3tcs+duflD3WNvP5OMS4j2HMmP9mld PNCoSWxNYsmddau4f+idHTS09x5nVUSkZV/L768bsmlcPXv0VwP6bQOMsMu89Ztt6c uk0q/hYvBgvLMuMFou6i5Znk/RcLXG3xFWyjCUv8YduO+fzPtCA297Zl3ngEawsYPz 6HqPNw1/eCpajsN7eHZ3sBHzzrM/2Gzr/MdSlY1Vk4mPX5UQ4gJrCxlVTfvm4Sd3KK 7UzEAGBIUv8zg== Received: from policy02-mors.netcup.net (unknown [46.38.225.35]) by mors-relay-2501.netcup.net (Postfix) with ESMTPS id 4VGlKM5thtz50Jf for <70022@debbugs.gnu.org>; Sat, 13 Apr 2024 09:23:35 +0200 (CEST) Received: from mxe217.netcup.net (unknown [10.243.12.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by policy02-mors.netcup.net (Postfix) with ESMTPS id 4VGlKM49mPz8sbD for <70022@debbugs.gnu.org>; Sat, 13 Apr 2024 09:23:35 +0200 (CEST) Received: from florianrock64.fritz.box (ip92344de0.dynamic.kabel-deutschland.de [146.52.77.224]) by mxe217.netcup.net (Postfix) with ESMTPSA id 1E92483665; Sat, 13 Apr 2024 09:23:29 +0200 (CEST) From: Florian Pelz Date: Sat, 13 Apr 2024 09:18:50 +0200 Message-ID: <3ebf53b234f198e123437b7928df5895eb7386fd.1712992731.git.pelzflorian@pelzflorian.de> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Rspamd-Queue-Id: 1E92483665 X-Rspamd-Server: rspamd-worker-8404 X-NC-CID: mowWN/L1eCDp4QBxi4YKN/aXGuhQSPcM4Y0bvZBJ5h5Ky8/Q2UDCGy3W X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * doc/guix.texi (Binary Installation): Prefix installation instructions with a warning. Change-Id: I088c7f00f4c3c8e32bdfd117ea934942930f7513 --- doc/guix.texi | 7 +++++++ 1 file changed, 7 insertions(+) base-commit: 15a523ea213065c275e4852673cbb27c72c0ad87 diff --git a/doc/guix.texi b/doc/guix.texi index 5efbd00984..f6bbed1de3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -741,6 +741,13 @@ Binary Installation may be older than @value{VERSION} but you can update it afterwards by running @samp{guix pull}. +In the past, lately, security vulnerabilities in @command{guix-daemon} +have been discovered and fixes for them have not yet been provided in +foreign distributions' packages. We advise those who install Guix, +both from the installation script or by distro packages, to also +regularly read and follow security notices, as shown by @command{guix +pull}. + For Debian or a derivative such as Ubuntu, call: @example