From: Hartmut Goebel
Subject: Re: [PATCH 1/1] gnu: Add acme-client.
Date: Fri, 2 Sep 2016 20:01:55 +0200
Message-ID: <57C9BE93.7090206@goebel-consult.de>
To: guix-devel@gnu.org

On 02.09.2016 at 16:49, Leo Famulari wrote:
+    (name "acme-client")

I strongly suggest using a different name, as this is *one* of many implementations and it is not the "official" one.

+    (synopsis "Let's Encrypt client")
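
Review bot: the synopsis in `(synopsis "Let's Encrypt client")` names only the Let's Encrypt service, while the package name in this patch is "acme-client" and refers to the ACME protocol. Consider mentioning ACME in the synopsis as well, for example "ACME (Let's Encrypt) client", so that the synopsis and the package name describe the same thing.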

The synopsis should already state that this is *one* of the acme-clients. Something like "Let's Encrypt client used as standard at OpenBSD" is more meaningful.
+    (description "acme-client is a Let's Encrypt cl=
ient implemented in C.  It
+uses a modular design, and attempts to secure itself by dropping privile=
ges and

*shiver* Why would one implement this in a language like C, which is prone to buffer overflows, if there are implementations available in more secure languages?


--
Kind regards
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software Development

Goebel Consult, Landshut
http://www.goebel-consult.de

Blog: http://www.goebel-consult.de/blog/filmgesprach-zu-201ecitizenfour201c-in-herrsching
Column: http://www.cissp-gefluester.de/2010-06-adobe-und-der-maiszunsler
