On an HPC cluster, Guix is typically used to manage scientific software.
Security-critical software such as the operating system kernel and system
services such as sshd and the batch scheduler remain under control of
sysadmins.
The Guix project has a good track record delivering security updates in a
timely fashion (see Security Updates in GNU Guix Reference
Manual). To get security updates, users have to run guix pull &&
guix upgrade.
Because Guix uniquely identifies software variants, it is easy to see if a vulnerable piece of software is in use. For instance, to check whether the glibc 2.25 variant without the mitigation patch against “Stack Clash” is in use, one can check whether user profiles refer to it at all:
guix gc --referrers /gnu/store/…-glibc-2.25
This will report whether profiles exist that refer to this specific glibc variant.
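To name the affected users, a sysadmin can run the check from the other direction and search each profile's closure for the store item. The script below is an added example, not part of the Guix manual or cookbook: the function name profiles_using is hypothetical, and it assumes profiles live under /var/guix/profiles/per-user (Guix's default state directory) and that readlink -f is available.

```sh
#!/bin/sh
# Added example: list user profiles whose closure contains a given store item.
# Assumption: profile links live under /var/guix/profiles/per-user; pass a
# different directory as the second argument if your site uses another one.

# profiles_using ITEM [PROFILE_ROOT]
# Prints one line per affected profile link: "<user> <link>".
# Old generations are reported too, since a roll-back would bring the
# vulnerable item back into use.
profiles_using() {
    item=$1
    root=${2:-/var/guix/profiles/per-user}
    for link in "$root"/*/*; do
        # Profiles and their generations are symlinks; skip anything else.
        [ -L "$link" ] || continue
        # Resolve the chain of links down to the profile's store item.
        target=$(readlink -f "$link") || continue
        [ -e "$target" ] || continue    # dangling link, nothing to check
        # 'guix gc --requisites' prints the closure, one store item per line.
        # grep -F -x requires a literal, whole-line match, so a patched
        # variant with a longer name does not count as a hit.
        if guix gc --requisites "$target" 2>/dev/null \
                | grep -Fxq -- "$item"; then
            user=$(basename "$(dirname "$link")")
            printf '%s %s\n' "$user" "$link"
        fi
    done
}

# Run only when a store file name is given on the command line.
if [ "$#" -ge 1 ]; then
    profiles_using "$@"
fi
```

Run it as a user who can read every per-user profile directory, passing the full store file name of the vulnerable variant as the first argument.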