‘guix substitute‘ and ‘guix pull‘ vulnerabilities

13 points by csantosb


liberty

Unfortunately a lot of Guix distribution packages are unmaintained, such as Debian's. Considering the severity of this vulnerability, I have uninstalled my distro-provided copy of Guix and installed it with their install script.