From: vagrant@debian.org 
  
 Source: guix 
 Version: 1.4.0-3 
 Severity: serious 
  
 Due to recent security issues exposed in guix, and active development on 
 guix-daemon, it has become difficult to backport security updates: 
  
   https://bugs.debian.org/1108318 
  
 All previous security updates were possible largely because upstream had 
 not changed much, but that is no longer the case. Guix has not had a 
 release in several years, and the recent security updates are comingled 
 with unrelated changes in the guix-daemon code. 
  
 Given that there are significant security vulnerabilities, it seems like 
 it would be appropriate, at least for the forseeable future, remove guix 
 from Debian testing, stable, oldstable, oldoldstable, etc. 
  
 Weather it should be removed from Debian unstable is still an open 
 question... 
  
  
 An alternative approach would be to disable guix-daemon and use the "GNU 
 Guix binary" distribution: 
  
   https://guix.gnu.org/en/download/latest/ 
  
 Or building guix-daemon with an updated guix (e.g. guix pull), and then 
 configuring the guix-daemon service to use the daemon in provided by 
 "guix pull". 
  
 I have not yet tested the migration path to either of these 
 alternatives, though I have moderate confidence that it should work... 
  
  
 live well, 
   vagrant 
  
 --=-=-Content-Type: application/pgp-signature; name="signature.asc" 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCaK40lAAKCRDcUY/If5cW 
 qsTzAQCi9vWL8/8IjUqGn6mt2UDn3QLI1kFVsGRKdE9Rj7j0JgD/Q06hOl2v4F98 
 MEEhTHb35t4shYYWt6Ox+tEfK5/K3gM=vsUq 
 -----END PGP SIGNATURE----- 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)