From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp12.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id 6B3EK0Kzp2LqRwAAbAwnHQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 13 Jun 2022 23:59:30 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id SICxK0Kzp2IjQgAAauVa8A
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Mon, 13 Jun 2022 23:59:30 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 5F152E345
	for <larch@yhetil.org>; Mon, 13 Jun 2022 23:59:30 +0200 (CEST)
Received: from localhost ([::1]:46066 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	id 1o0s5p-0007Dk-Cw
	for larch@yhetil.org; Mon, 13 Jun 2022 17:59:29 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:51692)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1o0s5O-0007Db-Ex
 for guix-patches@gnu.org; Mon, 13 Jun 2022 17:59:02 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:38520)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1o0s5O-0005q5-6U
 for guix-patches@gnu.org; Mon, 13 Jun 2022 17:59:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1o0s5O-0007Vx-4f
 for guix-patches@gnu.org; Mon, 13 Jun 2022 17:59:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#55912] [PATCH] home: Add OpenSSH service.
Resent-From: Maxime Devos <maximedevos@telenet.be>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 13 Jun 2022 21:59:02 +0000
Resent-Message-ID: <handler.55912.B55912.165515752328859@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 55912
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 55912@debbugs.gnu.org
Received: via spool by 55912-submit@debbugs.gnu.org id=B55912.165515752328859
 (code B ref 55912); Mon, 13 Jun 2022 21:59:02 +0000
Received: (at 55912) by debbugs.gnu.org; 13 Jun 2022 21:58:43 +0000
Received: from localhost ([127.0.0.1]:60650 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1o0s55-0007VP-4z
 for submit@debbugs.gnu.org; Mon, 13 Jun 2022 17:58:43 -0400
Received: from laurent.telenet-ops.be ([195.130.137.89]:48698)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@telenet.be>) id 1o0s53-0007VE-I0
 for 55912@debbugs.gnu.org; Mon, 13 Jun 2022 17:58:42 -0400
Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a])
 by laurent.telenet-ops.be with bizsmtp
 id ilyf270014UW6Th01lyf5V; Mon, 13 Jun 2022 23:58:39 +0200
Message-ID: <52f35ffdfd2f0f17679662d89c515b7611fbce77.camel@telenet.be>
From: Maxime Devos <maximedevos@telenet.be>
Date: Mon, 13 Jun 2022 23:58:32 +0200
In-Reply-To: <87czfcuche.fsf@gnu.org>
References: <20220611164931.21953-1-ludo@gnu.org>
 <d53fd0704720c45569e610345f275e225e37c4bd.camel@telenet.be>
 <87czfcuche.fsf@gnu.org>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-84uCURqCmaKq2W84y7G4"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1655157519; bh=puaXvj5hkQG3r3bpMx0yZEYF3JelHqw9e9ldx16WmYY=;
 h=Subject:From:To:Cc:Date:In-Reply-To:References;
 b=W6YUQlzj455FtVEtoXDy6nD7PR9TxN+knQtoXJpcbUomiKLjhggEIsRnZr5zsHYZe
 VyoEVbkqn3KYJ98LO5uhldzPEAQiZHtdrCgHgYqVgXkg8OQp3fC3xUCagPPf9BMUv4
 Z/gmNp6F/c1kG2kmHTexpI4L/nRXaZ2z0F9PnTRIPX96zpDMYG+J6Y/dSmPlIfX2b9
 W0oPzJVRpmZDrIpZe3KtFcADz3jCLy5R8CTqlkMXSEvJ6i+Q1G+z5R2qv4LkPd+/nW
 bO84Qv5pR6+xnf4rXtIFNVNVhwvcS1moogrTvjHh+A+x8kxPX+Q8OLkeJk4VzahfxR
 2XOTCIpfYa5xw==
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-To: larch@yhetil.org
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1655157570;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post:
	 dkim-signature; bh=puaXvj5hkQG3r3bpMx0yZEYF3JelHqw9e9ldx16WmYY=;
	b=K56axYWqUPCJBmo7bs/4uX38We4K8dVJKhOkuGcItcYDQIhmsXwxWNK8EsfD/mZ+lVQp7V
	4XvYFXpU3crRvOVEorVPoBNfU1pCfWAPMtIWoLFkoJhNZVjXbe3owC9w36hFiBIhlu214J
	o4b5wlmrzy7H4Uv8j7TuAqB/nkW7E+RiRMWPBYIboVLi40xyO9XbgTrwiG7lU+bbWIwYnR
	bVPSzudlo0+kZQYHbiGDDkGZxTVu+ykeTdJxOKHs8y8VVEfhbMpzFNKyXCRBq5Z/TQ3ttO
	M1zncWMfvYOS1Akiwxkq8IM2vXSQEjE3PcsoOMBqklukW3rBZ4T92jWk0GgSIw==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1655157570; a=rsa-sha256; cv=none;
	b=Nqf11zhPjy/MZotzQ/Cr2mQk1+hjkuyZonEBCPWnoW32peqbDsaTtJLWxxuwMf8YbYmz44
	FTjIg4niox1l9WsReTSNR2qv4az3zT69WYnP25f+T0zHHmKt80zH2P92gF8/hj7veVYxS/
	TkOsIFVlbKcglrmSZYYXLx5FLvnfEHZt2ffb7pv0Zhqg12iqRyWRfcKkyDkO50AUeJNtBq
	UEqiVIycbRBU/50cw7UAt9VHUgHu6WUhtNO9Vxq2xauQ3zqVMM3zn5i8s8uOhZY566fSur
	21u5peRayEAblP/gcrIGl+LIbL9XDaLMw1bhzSL04LPqUoEiqgyAoGg7ZbIdYw==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=W6YUQlzj;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none);
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: 3.81
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=W6YUQlzj;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none);
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 5F152E345
X-Spam-Score: 3.81
X-Migadu-Scanner: scn0.migadu.com
X-TUID: eIlSJSkyz17A


--=-84uCURqCmaKq2W84y7G4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Ludovic Court=C3=A8s schreef op ma 13-06-2022 om 11:41 [+0200]:
> > TCP only allows natural numbers up to some bound, and in practice
> > implementations only support non-zero natural numbers, so maybe the
> > predicate can be refined a bit?
>=20
> We could do that, though that=E2=80=99s more code for little in return=E2=
=80=A6

Input validation is generally considered good practice.  This has
recently been rediscovered in, say,
<https://lists.gnu.org/archive/html/guix-devel/2022-02/msg00140.html>.

The little extra code is trivial (just an new predicate doing some
bounds checks and exact-integer?) and:

  * I believe that simply implementing the tiny procedure is less
    expensive than doing a proper cost-benefit analysis

  * the cost is only once, it's not a recurring cost

  * the cost is trivial

  * the new predicate can benefit _all_ services handling network ports

  * it would benefit _all_ users of OpenSSH that might make a typo
    or such.  Likewise for other network services.

  * the benefit is not only once, it's recurring

  * cost of not doing checks:
    error messages that don't appear during "guix home reconfigure"
    inside Guix, and instead appear later during using the new Home
    from within external software even though the error was in the
    Guix Home.  Becomes rather complicated.

(Slight benefit, multiplied over many uses & much time -> large benefit
compared to the tiny one-time investment.)

Greetings,
Maxime.

--=-84uCURqCmaKq2W84y7G4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYqezCBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7vwLAQC2psYFbMsijBvGZFo39FLa+TTB
GSZx4N33BqtcJOzNCgD/Yz9MxWm8WEdKgFe5WfDR0f5VbraUKgM9CFhbROd5sQg=
=dvAh
-----END PGP SIGNATURE-----

--=-84uCURqCmaKq2W84y7G4--