IRC channel logs
2024-04-04.log
back to list of logs
<remyd1>Is `guix lint -c cve` scanning all the user profiles when launched as root ? <civodul>remyd1: hi! no, it only looks at the packages specified on the command line, regardless of whether they’re installed on your system or not <civodul>there’s a plan to do what you describe but it’s not there yet <remyd1>Ok; so let's say a bad user on a cluster want to use a non patched version of OpenSSH it is still possible ? <civodul>it is possible, but the admin gets to decide which sshd listens on port 22 <civodul>(it is possible regardless of Guix: users can always build things by hand in their home dir) <remyd1>And what about upgrades with guix pull && guix upgrade ? Running at root should only upgrade root's packages ? Am I right ?