mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 05:18:07 -05:00
doc: Call out potential for security vulnerabilities in old software.
* doc/guix.texi (Invoking guix time-machine): Add a note. Co-authored by: Simon Tournier <zimon.toutoune@gmail.com>
This commit is contained in:
parent
a44d6e1ea2
commit
b8d4c323f5
1 changed files with 10 additions and 1 deletions
|
@ -60,7 +60,7 @@ Copyright @copyright{} 2018, 2021 Oleg Pykhalov@*
|
|||
Copyright @copyright{} 2018 Mike Gerwitz@*
|
||||
Copyright @copyright{} 2018 Pierre-Antoine Rouby@*
|
||||
Copyright @copyright{} 2018, 2019 Gábor Boskovits@*
|
||||
Copyright @copyright{} 2018, 2019, 2020 Florian Pelz@*
|
||||
Copyright @copyright{} 2018, 2019, 2020, 2022 Florian Pelz@*
|
||||
Copyright @copyright{} 2018 Laura Lazzati@*
|
||||
Copyright @copyright{} 2018 Alex Vong@*
|
||||
Copyright @copyright{} 2019 Josh Holland@*
|
||||
|
@ -4834,6 +4834,15 @@ invocation can be expensive: it may have to download or even build a
|
|||
large number of packages; the result is cached though and subsequent
|
||||
commands targeting the same commit are almost instantaneous.
|
||||
|
||||
@quotation Note
|
||||
The history of Guix is immutable and @command{guix time-machine}
|
||||
provides the exact same software as they are in a specific Guix
|
||||
revision. Naturally, no security fixes are provided for old versions
|
||||
of Guix or its channels. A careless use of @command{guix time-machine}
|
||||
opens the door to security vulnerabilities. @xref{Invoking guix pull,
|
||||
@option{--allow-downgrades}}.
|
||||
@end quotation
|
||||
|
||||
The general syntax is:
|
||||
|
||||
@example
|
||||
|
|
Loading…
Reference in a new issue