From: Greg Troxel
Newsgroups: gmane.lisp.guile.devel
Subject: Re: [PATCH] web: default to INADDR_ANY instead of INADDR_LOOPBACK
Date: Fri, 22 Jul 2022 07:45:32 -0400
References: <20220203002638.34504-1-aconchillo@gmail.com>
To: Aleix Conchillo Flaqué
Cc: guile-devel

Aleix Conchillo Flaqué writes:

>> Using INADDR_ANY instead of INADDR_LOOPBACK makes it convenient when
>> starting the web server inside containers without the need to having to
>> specify INADDR_ANY all the time. This is the default in most libraries
>> and languages.

I may be an outlier, but I don't think we should optimize for containers.
I think that by default, most things that can reasonably just listen on
localhost should and those that want wider scope can configure them
(which should be easy and apparently is).

It seems this was an earlier conscious choice, from reading the patched docs.

>> This doesn't break backwards compatibility since INADDR_LOOPBACK is also
>> included in INADDR_ANY.

It does break compat because the previous way had a security property
that this one doesn't.

This is fundamentally a disagreement about what "works" means. Some
people think works primarily means "when I click X I see Y" and others
think works primarily means "security properties (that nothing bad
happens) are upheld".
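
The difference in exposure between the two bind addresses discussed in this message can be checked on a running host. The following is an added example, not part of the original message or of Guile: it classifies listening IPv4 sockets from Linux `/proc/net/tcp` as loopback-only or reachable on all interfaces. The sample table, its ports and the function names are constructed for illustration, and a little-endian host is assumed.

```python
import ipaddress
import struct

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41001 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F91 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41003 1 0000000000000000 100 0 0 10 0
   3: 0501A8C0:1F91 0A01A8C0:D2F0 01 00000000:00000000 00:00000000 00000000  1000        0 41004 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # "st" column value for a listening socket


def decode_endpoint(field):
    """Turn '0100007F:1F90' into (IPv4Address('127.0.0.1'), 8080)."""
    hex_addr, hex_port = field.split(":")
    # The address is a 32-bit value printed in host byte order; on a
    # little-endian machine (assumed here) the octets appear reversed.
    packed = struct.pack("<I", int(hex_addr, 16))
    return ipaddress.IPv4Address(packed), int(hex_port, 16)


def listener_scope(proc_net_tcp):
    """Return {port: scope} for every listening IPv4 socket in the table."""
    scopes = {}
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue  # established connections etc. are not listeners
        addr, port = decode_endpoint(fields[1])
        if addr.is_unspecified:      # 0.0.0.0, i.e. INADDR_ANY
            scopes[port] = "all-interfaces"
        elif addr.is_loopback:       # 127.0.0.0/8, e.g. INADDR_LOOPBACK
            scopes[port] = "loopback-only"
        else:
            scopes[port] = "single-address"
    return scopes


if __name__ == "__main__":
    for port, scope in sorted(listener_scope(SAMPLE_PROC_NET_TCP).items()):
        print(port, scope)
```

On a real Linux host, pass the contents of `/proc/net/tcp` instead of the sample; IPv6 listeners are in `/proc/net/tcp6` and are not covered by this sketch.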