[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#48146: Getting diverted to non-updated branches: a limitation of the
From: |
Leo Famulari |
Subject: |
bug#48146: Getting diverted to non-updated branches: a limitation of the authentication mechanism? |
Date: |
Sun, 2 May 2021 00:09:50 -0400 |
On Sat, May 01, 2021 at 11:40:01PM +0200, Maxime Devos wrote:
> Tags: + security
>
> Hi guix,
>
> Consider the following situation:
Check this blog post and The Update Framework's concept of "indefinite
freeze attacks", which I think is what you are describing:
https://guix.gnu.org/en/blog/2020/securing-updates/
https://theupdateframework.io/ (check the "specification")