From patchwork Sat Nov 19 12:09:31 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: "pelzflorian (Florian Pelz)"
 <pelzflorian@pelzflorian.de>
X-Patchwork-Id: 44620
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id 9852027BBEC; Sat, 19 Nov 2022 12:10:19 +0000 (GMT)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-3.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_MSPIKE_H2,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 0775427BBE9
	for <patchwork@mira.cbaines.net>; Sat, 19 Nov 2022 12:10:17 +0000 (GMT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1owMfe-0008Kb-Hr; Sat, 19 Nov 2022 07:10:06 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1owMfc-0008Go-DT
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:10:04 -0500
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1owMfb-0001kZ-1D
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:10:03 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1owMfa-0001RL-FH
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:10:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#59383] [PATCH] doc: Call out potential for downgrade attacks
 with time-machine.
Resent-From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sat, 19 Nov 2022 12:10:02 +0000
Resent-Message-ID: <handler.59383.B.16688597835502@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 59383
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 59383@debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.16688597835502
 (code B ref -1); Sat, 19 Nov 2022 12:10:02 +0000
Received: (at submit) by debbugs.gnu.org; 19 Nov 2022 12:09:43 +0000
Received: from localhost ([127.0.0.1]:39194 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1owMfH-0001Qf-3L
 for submit@debbugs.gnu.org; Sat, 19 Nov 2022 07:09:43 -0500
Received: from lists.gnu.org ([209.51.188.17]:45958)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pelzflorian@pelzflorian.de>) id 1owMfD-0001QW-Sn
 for submit@debbugs.gnu.org; Sat, 19 Nov 2022 07:09:40 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pelzflorian@pelzflorian.de>)
 id 1owMfD-0007lE-1E
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:09:39 -0500
Received: from relay.yourmailgateway.de ([188.68.61.103])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pelzflorian@pelzflorian.de>)
 id 1owMfB-0001ah-0v
 for guix-patches@gnu.org; Sat, 19 Nov 2022 07:09:38 -0500
Received: from mors-relay-8403.netcup.net (localhost [127.0.0.1])
 by mors-relay-8403.netcup.net (Postfix) with ESMTPS id 4NDssB53Twz8FyW
 for <guix-patches@gnu.org>; Sat, 19 Nov 2022 13:09:34 +0100 (CET)
Authentication-Results: mors-relay-8403.netcup.net;
 dkim=permerror (bad message/signature format)
Received: from policy02-mors.netcup.net (unknown [46.38.225.35])
 by mors-relay-8403.netcup.net (Postfix) with ESMTPS id 4NDssB4fcdz8FyV
 for <guix-patches@gnu.org>; Sat, 19 Nov 2022 13:09:34 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at policy02-mors.netcup.net
Received: from mxe217.netcup.net (unknown [10.243.12.53])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by policy02-mors.netcup.net (Postfix) with ESMTPS id 4NDssB1gp2z8sZj
 for <guix-patches@gnu.org>; Sat, 19 Nov 2022 13:09:33 +0100 (CET)
Received: from florianrock64 (ip5b40a50f.dynamic.kabel-deutschland.de
 [91.64.165.15])
 by mxe217.netcup.net (Postfix) with ESMTPSA id DDE5B9EC28
 for <guix-patches@gnu.org>; Sat, 19 Nov 2022 13:09:32 +0100 (CET)
From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
Date: Sat, 19 Nov 2022 13:09:31 +0100
Message-ID: <87v8nbjgck.fsf@pelzflorian.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
X-Rspamd-Queue-Id: DDE5B9EC28
X-Spamd-Result: default: False [-5.60 / 15.00]; BAYES_HAM(-5.50)[99.99%];
 MIME_GOOD(-0.10)[text/plain]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:3209, ipnet:91.64.0.0/14, country:DE];
 RCVD_COUNT_ZERO(0.00)[0]; RCPT_COUNT_ONE(0.00)[1];
 TO_DN_NONE(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 ARC_NA(0.00)[]
X-Rspamd-Server: rspamd-worker-8404
X-NC-CID: ip98Zx+PmbU45acym2xo8CtWj6pFnurWd7hiUPMAmMvldKgJvFK9yDzH
Received-SPF: none client-ip=188.68.61.103;
 envelope-from=pelzflorian@pelzflorian.de; helo=relay.yourmailgateway.de
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001,
 SPF_HELO_PASS=-0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

* doc/guix.texi (Invoking guix time-machine): Add a note.
---
 doc/guix.texi | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)


base-commit: 7502af793172714b2b322c21ba2379c698108ef2

diff --git a/doc/guix.texi b/doc/guix.texi
index eaecfd0daa..c29db13be6 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -60,7 +60,7 @@
 Copyright @copyright{} 2018 Mike Gerwitz@*
 Copyright @copyright{} 2018 Pierre-Antoine Rouby@*
 Copyright @copyright{} 2018, 2019 Gábor Boskovits@*
-Copyright @copyright{} 2018, 2019, 2020 Florian Pelz@*
+Copyright @copyright{} 2018, 2019, 2020, 2022 Florian Pelz@*
 Copyright @copyright{} 2018 Laura Lazzati@*
 Copyright @copyright{} 2018 Alex Vong@*
 Copyright @copyright{} 2019 Josh Holland@*
@@ -4834,6 +4834,13 @@ Invoking guix time-machine
 large number of packages; the result is cached though and subsequent
 commands targeting the same commit are almost instantaneous.
 
+@quotation Note
+Naturally, no security fixes can be provided for old versions of Guix
+or its channels.  This also means that careless use of @command{guix
+time-machine} opens the door to downgrade attacks.
+@xref{Invoking guix pull, @option{--allow-downgrades}}.
+@end quotation
+
 The general syntax is:
 
 @example