l...@gnu.org (Ludovic Courtès) writes:
> Mark H Weaver <m...@netris.org> skribis:
>
>> We could simply issue a warning if the version of guix currently in use
>> is more than N hours old, on the assumption that after N hours it's
>> likely to be stale. The default value of N might be in the range 48-96
>> (2-4 days). A quick perusal through the recent commit log on our master
>> branch indicates that it's quite rare for 4 days to pass without a
>> security update.
>>
>> What do you think?
>
> That sounds like an easy and reasonable approach.
>
> I wonder what would be the best place to emit this warning. Upon ‘guix
> package -i’ maybe?
Also "guix package -u" and the "guix system" commands that build
systems. I suspect that many users run "guix pull" as their normal
users but never think to run it as root.
Mark
