From: Julien Lepiller
To: Leo Famulari, bo0od
Cc: 47823@debbugs.gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Date: Fri, 16 Apr 2021 20:10:11 -0400
Message-ID: <4BF8EE8A-C2B4-429A-A0DF-928155A5802E@lepiller.eu>

On 16 April 2021 12:15:25 GMT-04:00, Leo Famulari wrote:
>On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
>> Scanning Guix website gave many missing security features which modern
>> security needs them to be available:
>>
>> * TLS and DNS:
>>
>> looking at:
>>
>> https://www.hardenize.com/report/guix.gnu.org/1618568751
>>
>> https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org
>
>Thanks!
>
>> - DNS: DNSSEC support missing (important)
>
>Hm, is it important? My impression is that it's an idea whose time has
>passed without significant adoption.
>
>But maybe we could enable it if the costs are not too great.

gnu.org does not have DNSSEC, so we'd need them to work on that first.