

9.5 Security Considerations

On an HPC cluster, Guix is typically used to manage scientific software. Security-critical software such as the operating system kernel and system services such as sshd and the batch scheduler remain under control of sysadmins.

The Guix project has a good track record of delivering security updates in a timely fashion (see Security Updates in GNU Guix Reference Manual). To get security updates, users have to run guix pull && guix upgrade.

Because Guix uniquely identifies software variants, it is easy to see if a vulnerable piece of software is in use. For instance, to check whether the glibc 2.25 variant without the mitigation patch against “Stack Clash” is in use, one can check whether user profiles refer to it at all:

guix gc --referrers /gnu/store/…-glibc-2.25

This will report whether profiles exist that refer to this specific glibc variant.
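
The check above can be extended to follow referrers all the way up to profiles. The script below is an added example, not part of the Guix manual; it goes beyond the single command by walking the referrer graph transitively, on the assumptions that guix gc --referrers lists only direct referrers and that profile store items have names ending in "-profile". The fake_guix function and every store path in it are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the Guix manual.
# Assumption: `guix gc --referrers ITEM` prints the direct referrers of ITEM,
# one store path per line, so profiles are found by walking the graph upward.
# Assumption: profile store items have names ending in "-profile".

# Constructed stand-in for guix so the walk can be tried without a store.
# Hashes and versions are made up.
fake_guix() {  # called as: fake_guix gc --referrers ITEM
    case $3 in
        /gnu/store/aaaa-glibc-2.25)   # constructed: variant under investigation
            printf '%s\n' /gnu/store/aaaa-glibc-2.25 \
                /gnu/store/bbbb-zlib-1.2.11 /gnu/store/cccc-python-3.5.3 ;;
        /gnu/store/bbbb-zlib-1.2.11)  printf '%s\n' /gnu/store/cccc-python-3.5.3 ;;
        /gnu/store/cccc-python-3.5.3) printf '%s\n' /gnu/store/dddd-profile ;;
        /gnu/store/ffff-glibc-2.25)   # constructed: a different glibc 2.25 variant
            printf '%s\n' /gnu/store/eeee-profile ;;
    esac
}

# Print each profile store item that depends, directly or not, on store item $1.
profiles_referring_to() {
    frontier=$1
    seen=$1
    while [ -n "$frontier" ]; do
        next=
        for item in $frontier; do
            for ref in $("${GUIX:-guix}" gc --referrers "$item"); do
                case " $seen " in *" $ref "*) continue ;; esac  # already visited
                seen="$seen $ref"
                next="$next $ref"
            done
        done
        frontier=$next
    done
    for item in $seen; do
        case $item in *-profile) echo "$item" ;; esac
    done | sort
}

# With an argument, query the real store; without one, run the constructed demo.
if [ "$#" -gt 0 ]; then
    profiles_referring_to "$1"
else
    GUIX=fake_guix
    profiles_referring_to /gnu/store/aaaa-glibc-2.25
fi
```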